In @backstage/plugin-scaffolder-backend versions prior to 3.1.4 a low severity vulnerability CVE-2026-29184 was detected. This vulnerability allows a malicious scaffolder template to bypass the log redaction mechanism and exfiltrate secrets provided during task execution through event logs. To address this issue, users should upgrade @backstage/plugin-scaffolder-backend to version 3.1.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29184.
Category: Developer Tools

In Gogs versions prior to 0.14.2 a medium severity vulnerability CVE-2026-26196 was detected. This vulnerability allows attackers to obtain access tokens because the API accepts tokens in URL parameters such as `token` and `access_token`, which can be exposed through logs, browser history, or referrers. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26196.
Category: Developer Tools

In Gogs versions prior to 0.14.2 a medium severity vulnerability CVE-2026-26195 was detected. This vulnerability allows attackers to perform Stored Cross-Site Scripting (XSS) through author and committer names in branch and wiki views due to unsafe template rendering combined with permissive sanitizer handling of data URLs. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26195.
Category: Developer Tools

In Gogs versions prior to 0.14.2 a high severity vulnerability CVE-2026-26194 was detected. This vulnerability allows attackers to inject arbitrary Git options when deleting a release if a user-controlled tag name is passed without proper sanitization, potentially manipulating the release deletion process. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26194.
Category: Developer Tools

In Gogs versions prior to 0.14.2 a high severity vulnerability CVE-2026-26022 was detected. This vulnerability allows authenticated attackers to inject and execute arbitrary JavaScript via data URI schemes in issue comments or descriptions, due to insufficient sanitization. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26022.
Category: Developer Tools

In Gogs versions prior to 0.14.2 a critical severity vulnerability CVE-2026-25921 was detected. This vulnerability allows attackers to maliciously overwrite Git LFS objects across different repositories due to missing content hash verification, potentially enabling supply-chain attacks. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25921.
Category: Developer Tools

In Dolibarr ERP/CRM version 10.0.1 a high severity vulnerability CVE-2019-25450 was detected. This vulnerability allows authenticated attackers to execute arbitrary SQL queries via POST parameters such as `actioncode`, `demand_reason_id`, and `availability_id` in the `card.php` endpoint, potentially exposing sensitive database information through boolean-based blind, error-based, or time-based blind SQL injection techniques. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2019-25450.
Category: ERP

In Foreman versions 1.22.0 and higher a high severity vulnerability CVE-2025-9572 was detected. This vulnerability allows low-privileged users to bypass access controls in the GraphQL API, enabling them to access metadata beyond their assigned permissions and potentially leading to unauthorized information disclosure. To address this issue, users should upgrade Foreman to versions 3.16.2 or 3.17.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9572.
Category: IT Business Management

In FreeScout versions prior to 1.8.206 a critical severity vulnerability CVE-2026-27637 was detected. This vulnerability allows attackers to compute predictable authentication tokens using `MD5(user_id + created_at + APP_KEY)`, enabling full account takeover, including administrative accounts, without requiring a password. To address this issue, users should upgrade FreeScout to version 1.8.206 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27637.
Category: Customer Service