In Budibase versions prior to 3.33.4 a critical severity vulnerability CVE-2026-31818 was detected. This vulnerability allows attackers to perform server-side request forgery (SSRF) due to ineffective IP blacklist enforcement in the REST datasource connector when the BLACKLIST_IPS environment variable is unset, allowing unrestricted outbound requests. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-31818.
Read more Application DevelopmentIn Budibase versions prior to 3.33.4 a high severity vulnerability CVE-2026-35214 was detected. This vulnerability allows attackers with Global Builder privileges to perform path traversal attacks via the plugin file upload endpoint, enabling arbitrary directory deletion and file write by supplying crafted filenames containing traversal sequences. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35214.
Read more Application DevelopmentIn changedetection.io versions prior to 0.54.7 a medium severity vulnerability CVE-2026-33981 was detected. This vulnerability allows attackers to disclose sensitive environment variables by exploiting the jq: and jqraw: include filters, which permit use of the jq env builtin to read and expose process environment variables. To address this issue, users should upgrade changedetection.io to version 0.54.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33981.
Read more MonitoringIn Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a medium severity vulnerability CVE-2026-33415 was detected. This vulnerability allows authenticated moderator-level users to access post content, topic titles, and usernames from categories they are not authorized to view due to improper access control in a sentiment analytics endpoint. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33415.
Read more CommunicationIn Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a medium severity vulnerability CVE-2026-33300 was detected. This vulnerability allows moderators to access hidden group names and user count metadata via the category-chatables endpoint due to an authorization bypass in the controller’s show action. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33300.
Read more CommunicationIn Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a medium severity vulnerability CVE-2026-33185 was detected. This vulnerability allows attackers to perform server-side request forgery (SSRF) by abusing the group email settings test endpoint to initiate outbound connections to arbitrary hosts and ports, potentially enabling internal network probing. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33185.
Read more CommunicationIn Alerta versions prior to 9.1.0 a medium severity vulnerability CVE-2026-34400 was detected. This vulnerability allows attackers to perform SQL injection via the query string search API (q=) due to unsafe interpolation of user-supplied input into SQL statements. To address this issue, users should upgrade Alerta to version 9.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34400.
Read more MonitoringIn Gitlab versions all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 a high severity vulnerability CVE-2026-2370 was detected. An improper authorization check in Jira Connect installations could allow an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the application. To address this issue, users should update Gitlab to versions 18.8.7, 18.9.3, and 18.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2370.
Read more Developer ToolsIn MLflow versions before v3.7.0 a critical severity vulnerability CVE-2025-15036 was detected. A path traversal flaw in the extract_archive_to_dir function allows crafted tar archives to write files outside the intended extraction directory by using malicious member paths. To address this issue, users should update MLflow to versions v3.7.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15036.
Read more Data Analytics