In Django versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30 a medium severity vulnerability CVE-2026-4277 was discovered. This issue allows attackers to bypass permission checks when adding inline model instances by submitting forged POST data in GenericInlineModelAdmin. To address this issue, users should upgrade Django to versions 6.0.4, 5.2.13, or 4.2.30. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4277.
Read more Application DevelopmentIn Budibase versions prior to 3.33.4 a high severity vulnerability CVE-2026-25044 was detected. This vulnerability allows attackers to execute arbitrary commands by injecting malicious input into the Bash automation step, which uses execSync without proper sanitization and processes user input through template interpolation. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25044.
Read more Application DevelopmentIn Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a low severity vulnerability CVE-2026-34947 was detected. This vulnerability allows attackers to access staged user custom fields and usernames on public invite pages without email verification, leading to unintended information disclosure. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2 , or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34947.
Read more CommunicationIn Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a medium severity vulnerability CVE-2026-27481 was detected. This vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and associated data due to an authorization bypass in tag routes. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27481.
Read more CommunicationIn Django versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30 a high severity vulnerability CVE-2026-33034 was detected. This vulnerability allows attackers to cause denial of service (DoS) by sending ASGI requests with missing or understated Content-Length headers, bypassing the DATA_UPLOAD_MAX_MEMORY_SIZE limit and forcing the server to load unbounded request bodies into memory. To address this issue, users should upgrade Django to versions 6.0.4, 5.2.13, or 4.2.30. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33034.
Read more Application DevelopmentIn Django versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30 a medium severity vulnerability CVE-2026-33033 was detected. This vulnerability allows attackers to degrade server performance and cause denial of service (DoS) by sending multipart uploads with Content-Transfer-Encoding: base64 containing excessive whitespace, exploiting inefficiencies in the MultiPartParser. To address this issue, users should upgrade Django to versions 6.0.4, 5.2.13, or 4.2.30. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33033.
Read more Application DevelopmentIn BookStack versions up to 26.03 a medium severity vulnerability CVE-2026-5484 was detected. This vulnerability allows attackers to exploit improper access controls in the chapterToMarkdown function of the Chapter Export Handler by manipulating the pagesargument, potentially enabling unauthorized data access. To address this issue, users should upgrade BookStack to version 26.03.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5484.
Read more CMSIn Budibase versions prior to 3.32.5 a high severity vulnerability CVE-2026-35218 was detected. This vulnerability allows authenticated users with Builder access to execute stored cross-site scripting (XSS) by injecting malicious HTML into entity names, which are rendered without sanitization in the Builder Command Palette using the {@html} directive. This can lead to session hijacking and potential account takeover. To address this issue, users should upgrade Budibase to version 3.32.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35218.
Read more Application DevelopmentIn Budibase versions prior to 3.33.4 a critical severity vulnerability CVE-2026-35216 was detected. This vulnerability allows unauthenticated attackers to achieve remote code execution (RCE) by triggering automations containing a Bash step through a public webhook endpoint, with commands executed as root inside the container. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35216.
Read more Application Development