Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    1 May 2026 Infrastructure and Network
    Wazuh: Heap-Based Buffer Underflow in parse_uname_string()

    In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-41499 was detected. This vulnerability allows attackers to trigger heap-based out-of-bounds writes in the parse_uname_string() function due to unsafe handling of empty strings, resulting in unsigned integer underflow and writes before allocated buffers that can corrupt heap metadata and lead to denial of service or potential code execution. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41499.

    Read more
    Security
    1 May 2026 Communication and Collaboration
    Rocket.Chat: Authorization Bypass Allows Unauthorized Access to Apps-Engine Logs

    In Rocket.Chat versions prior to 8.4.0, prior to 8.3.2, prior to 8.2.2, prior to 8.1.3, prior to 8.0.4, prior to 7.13.6, prior to 7.12.7, prior to 7.11.7, and prior to 7.10.10 a medium severity vulnerability CVE-2026-29197 was detected. This vulnerability allows authenticated users without the proper permissions to read Apps-Engine logs due to a typo in the permission checks for the /api/apps/logs and /api/apps/:id/logs endpoints. To address this issue, users should upgrade Rocket.Chat to versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, 7.10.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29197.

    Read more
    Communication
    1 May 2026 Communication and Collaboration
    Rocket.Chat: NoSQL Injection in OAuth Flow Leads to Account Takeover

    In Rocket.Chat versions prior to 8.3.0, prior to 8.2.1, prior to 8.1.2, prior to 8.0.3, prior to 7.13.5, prior to 7.12.6, prior to 7.11.6, and prior to 7.10.9 a critical severity vulnerability CVE-2026-29198 was detected. This vulnerability allows attackers to perform NoSQL injection in the OAuth flow, potentially leading to account takeover of the first user with a generated token when an OAuth application is configured. To address this issue, users should upgrade Rocket.Chat to versions 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6 or 7.10.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29198.

    Read more
    Communication
    30 Apr 2026 Infrastructure and Network
    MinIO: Authentication Bypass via Unsigned Payload Trailer

    In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-41145 was detected. This vulnerability allows attackers with a valid access key to bypass authentication and write arbitrary objects to any bucket without a secret key or valid cryptographic signature by exploiting the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41145.

    Read more
    Storage
    30 Apr 2026 Infrastructure and Network
    MinIO: Unauthenticated Object Write via Missing Signature Verification in Snowball Auto-Extract

    In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-40344 was detected. This vulnerability allows attackers who know a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature, due to missing signature verification for unsigned-trailer uploads in the Snowball auto-extract handler. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40344.

    Read more
    Storage
    30 Apr 2026 Infrastructure and Network
    Wazuh: Brute-Force Protection Bypass via Race Condition

    In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26206 was detected. This vulnerability allows attackers to bypass API brute-force protection by exploiting a race condition in login attempt tracking, enabling more authentication attempts than intended through concurrent requests. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26206.

    Read more
    Security
    30 Apr 2026 Infrastructure and Network
    Wazuh: Heap Buffer Underflow in GetAlertData Leads to DoS

    In Wazuh versions 1.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26204 was detected. This vulnerability allows attackers to cause denial of service or heap corruption by exploiting a heap-based buffer underflow in the GetAlertData function, resulting in an out-of-bounds write before the allocated buffer. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26204.

    Read more
    Security
    30 Apr 2026 Data Management and Analytics
    vLLM: Uninitialized Resource in KV Cache Interface

    In vLLM versions up to 0.19.0 a medium severity vulnerability CVE-2026-7141 was detected. This vulnerability allows attackers to trigger use of an uninitialized resource by manipulating the has_mamba_layers function in the KV cache interface, potentially leading to unexpected behavior. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7141.

    Read more
    Machine Learning Knowledge Base Newsflash Data Management and Analytics
    29 Apr 2026 Business and Enterprise Solutions
    FreeScout: HTML Attribute Injection via Unescaped Quotes

    In FreeScout versions prior to 1.8.213 a medium severity vulnerability CVE-2026-40565 was detected. This vulnerability allows attackers to inject arbitrary HTML attributes by sending emails with specially crafted plain-text URLs containing unescaped double-quote characters, which are improperly converted into HTML anchor tags. To address this issue, users should upgrade FreeScout to version 1.8.213. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40565.

    Read more
    Customer Service
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}