In FreeIPA versions 2.x and 3.x before 3.1.2 a high severity vulnerability CVE-2012-5484 was detected. This vulnerability allows attackers to perform man-in-the-middle (MITM) attacks and spoof a join procedure via a crafted certificate because the client does not properly obtain the Certification Authority (CA) certificate from the server. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-5484.
Read more SecurityIn Prometheus versions prior to 3.5.3 and 3.11.3 a high severity vulnerability CVE-2026-42154 was detected. This vulnerability allows unauthenticated attackers to send a small, specially crafted snappy-compressed payload to the remote read endpoint (/api/v1/read) that causes a massive heap allocation, leading to memory exhaustion and crashing the Prometheus process (Denial of Service). To address this issue, users should upgrade Prometheus to versions 3.5.3 or 3.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42154.
Read more Data AnalyticsIn Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-6907 was detected. This vulnerability allows attackers to potentially access exposed private data because UpdateCacheMiddleware erroneously caches requests where the Vary header contains an asterisk (‘*’), leading to sensitive data being improperly stored and served. To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-6907.
Read more Application DevelopmentIn Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-5766 was detected. This vulnerability allows attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by sending ASGI requests with a missing or understated Content-Length header, potentially loading large files into memory and causing service degradation (Denial of Service). To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5766.
Read more Application DevelopmentIn Django versions 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 a medium severity vulnerability CVE-2013-6044 was detected. This vulnerability allows attackers to introduce cross-site scripting (XSS) or other vulnerabilities by exploiting the is_safe_url function, which improperly treats a URL’s scheme as safe even if it is not HTTP or HTTPS (such as the javascript: scheme). To address this issue, users should upgrade Django to versions 1.4.6, 1.5.2, or 1.6 beta 2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-6044.
Read more Application DevelopmentIn Prefect versions up to 3.6.21 a high severity vulnerability CVE-2026-7722 was detected. This vulnerability allows remote attackers to bypass authentication by manipulating the endswith function within the /api/health endpoint. To address this issue, users should upgrade Prefect to version 3.6.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7722.
Read more Developer ToolsIn AFFiNE versions up to 0.26.3 a medium severity vulnerability CVE-2026-7702 was detected. This vulnerability allows remote attackers to bypass authorization and access document previews by manipulating the allowDocPreview function within the Public Markdown Preview Endpoint. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7702.
Read more Communication and CollaborationIn Apache HTTP Server versions mod_auth_shadow-2.2-8.fc11, mod_auth_shadow-2.2-8.fc12, and mod_auth_shadow-2.2-5.el5 a medium severity vulnerability CVE-2010-1151 was detected. This vulnerability allows remote attackers to bypass authentication, and read and possibly modify data, via a race condition in the mod_auth_shadow module related to improper interaction with an external helper application for validation of credentials. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2010-1151.
Read more Application DevelopmentIn Appsmith versions up to 1.97 a high severity vulnerability CVE-2026-5418 was detected. This vulnerability allows remote attackers to launch server-side request forgery (SSRF) attacks by manipulating the computeDisallowedHosts function within the Dashboard component. To address this issue, users should upgrade Appsmith to version 1.99. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5418.
Read more Application Development