In AFFiNE versions up to 0.26.3 a medium severity vulnerability CVE-2026-7702 was detected. This vulnerability allows remote attackers to bypass authorization and access document previews by manipulating the allowDocPreview function within the Public Markdown Preview Endpoint. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7702.
Read more Communication and CollaborationIn Apache HTTP Server versions mod_auth_shadow-2.2-8.fc11, mod_auth_shadow-2.2-8.fc12, and mod_auth_shadow-2.2-5.el5 a medium severity vulnerability CVE-2010-1151 was detected. This vulnerability allows remote attackers to bypass authentication, and read and possibly modify data, via a race condition in the mod_auth_shadow module related to improper interaction with an external helper application for validation of credentials. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2010-1151.
Read more Application DevelopmentIn Mastodon versions prior to 4.5.9, 4.4.16, and 4.3.22 a high severity vulnerability CVE-2026-41259 was detected. This vulnerability allows attackers to bypass email domain restrictions by using specially crafted email addresses with characters interpreted differently by mail servers due to insufficient validation. To address this issue, users should upgrade Mastodon to versions 4.5.9, 4.4.16 or 4.3.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41259.
Read more CommunicationIn Helpy version 2.8.0 a medium severity vulnerability CVE-2026-40229 was detected. This vulnerability allows attackers to perform stored cross-site scripting (XSS) by injecting arbitrary HTML into the account name field, which is then rendered unescaped in post author displays across public forum threads, admin ticket views, and HTML notification emails. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40229.
Read more Customer ServiceIn Helpy version 2.8.0 a medium severity vulnerability CVE-2026-40230 was detected. This vulnerability allows authenticated attackers with admin or agent editor privileges to inject and persist arbitrary HTML or JavaScript in the knowledge base document body field, which is then executed during rendering due to improper sanitization. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40230.
Read more Customer ServiceIn Jenkins GitHub Branch Source Plugin version 1967.vdea_d580c1a_b_a_ and earlier a medium severity vulnerability CVE-2026-42522 was detected. This vulnerability allows attackers with Overall/Read permission to initiate connections to attacker-specified URLs using attacker-controlled GitHub App credentials due to a missing permission check. To address this issue, users should upgrade Jenkins GitHub Branch Source plugin to version 1967.1969.v205fd594c821. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42522.
Read more Developer ToolsIn Jenkins GitHub Plugin version 1.46.0 and earlier a high severity vulnerability CVE-2026-42523 was detected. This vulnerability allows non-anonymous attackers with Overall/Read permission to execute stored cross-site scripting (XSS) due to improper handling of the current job URL in JavaScript used by the “GitHub hook trigger for GITScm polling” feature. To address this issue, users should upgrade Jenkins GitHub plugin to version 1.46.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42523.
Read more Developer ToolsIn Wazuh versions 4.8.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-28221 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in the print_hex_string() function via specially crafted input sent over the network prior to authentication, potentially leading to memory corruption, denial of service, or further exploitation. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-28221.
Read more SecurityIn Wazuh versions 4.4.0 up to before 4.14.4 a critical severity vulnerability CVE-2026-30893 was detected. This vulnerability allows authenticated cluster peers to perform path traversal attacks in the decompress_files() routine, enabling arbitrary file write outside the intended directory and potential remote code execution by overwriting loaded modules. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30893.
Read more Security