In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-41499 was detected. This vulnerability allows attackers to trigger heap-based out-of-bounds writes in the parse_uname_string() function due to unsafe handling of empty strings, resulting in unsigned integer underflow and writes before allocated buffers that can corrupt heap metadata and lead to denial of service or potential code execution. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41499.
Read more SecurityIn Rocket.Chat versions prior to 8.4.0, prior to 8.3.2, prior to 8.2.2, prior to 8.1.3, prior to 8.0.4, prior to 7.13.6, prior to 7.12.7, prior to 7.11.7, and prior to 7.10.10 a medium severity vulnerability CVE-2026-29197 was detected. This vulnerability allows authenticated users without the proper permissions to read Apps-Engine logs due to a typo in the permission checks for the /api/apps/logs and /api/apps/:id/logs endpoints. To address this issue, users should upgrade Rocket.Chat to versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, 7.10.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29197.
Read more CommunicationIn Rocket.Chat versions prior to 8.3.0, prior to 8.2.1, prior to 8.1.2, prior to 8.0.3, prior to 7.13.5, prior to 7.12.6, prior to 7.11.6, and prior to 7.10.9 a critical severity vulnerability CVE-2026-29198 was detected. This vulnerability allows attackers to perform NoSQL injection in the OAuth flow, potentially leading to account takeover of the first user with a generated token when an OAuth application is configured. To address this issue, users should upgrade Rocket.Chat to versions 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6 or 7.10.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29198.
Read more CommunicationIn MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-41145 was detected. This vulnerability allows attackers with a valid access key to bypass authentication and write arbitrary objects to any bucket without a secret key or valid cryptographic signature by exploiting the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41145.
Read more StorageIn MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-40344 was detected. This vulnerability allows attackers who know a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature, due to missing signature verification for unsigned-trailer uploads in the Snowball auto-extract handler. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40344.
Read more StorageIn Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26206 was detected. This vulnerability allows attackers to bypass API brute-force protection by exploiting a race condition in login attempt tracking, enabling more authentication attempts than intended through concurrent requests. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26206.
Read more SecurityIn Wazuh versions 1.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26204 was detected. This vulnerability allows attackers to cause denial of service or heap corruption by exploiting a heap-based buffer underflow in the GetAlertData function, resulting in an out-of-bounds write before the allocated buffer. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26204.
Read more SecurityIn vLLM versions up to 0.19.0 a medium severity vulnerability CVE-2026-7141 was detected. This vulnerability allows attackers to trigger use of an uninitialized resource by manipulating the has_mamba_layers function in the KV cache interface, potentially leading to unexpected behavior. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7141.
Read more Machine Learning Knowledge Base Newsflash Data Management and AnalyticsIn FreeScout versions prior to 1.8.213 a medium severity vulnerability CVE-2026-40565 was detected. This vulnerability allows attackers to inject arbitrary HTML attributes by sending emails with specially crafted plain-text URLs containing unescaped double-quote characters, which are improperly converted into HTML anchor tags. To address this issue, users should upgrade FreeScout to version 1.8.213. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40565.
Read more Customer Service