In Gogs versions 0.13.4 and prior a medium severity vulnerability CVE-2026-25120 was detected. This vulnerability allows repository administrators to delete comments from other repositories by supplying arbitrary comment IDs due to missing repository ownership validation in the DeleteComment API. To address this issue, users should upgrade Gogs to version 0.14.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25120.
Read more Developer Tools
In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2006 was detected. This vulnerability allows a database user to issue crafted queries that trigger a buffer overrun due to missing validation of multibyte character length in text manipulation functions, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2006.
Read more Security
In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2005 was detected. This vulnerability allows a ciphertext provider to trigger a heap buffer overflow in the pgcrypto extension, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2005.
Read more Security
In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2004 was detected. This vulnerability allows an object creator to execute arbitrary code as the operating system user running the database due to missing validation of input types in the intarray extension selectivity estimator function. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2004.
Read more Security
In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a medium severity vulnerability CVE-2026-2003 was detected. This vulnerability allows a database user to disclose portions of server memory due to improper validation of the “oidvector” type, which may expose sensitive information under certain conditions. To address this issue, users should upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2003.
Read more Security
In Traefik versions prior to 3.6.8 a high severity vulnerability CVE-2026-25949 was detected. This vulnerability allows an unauthenticated attacker to bypass the entrypoint respondingTimeouts.readTimeout setting by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and stalling the connection, causing connections to remain open indefinitely and potentially leading to a denial-of-service condition. To address this issue, users should upgrade Traefik to version 3.6.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25949.
Read more Security
In Mattermost versions 11.1.x up to and including 11.1.2, 10.11.x up to and including 10.11.9, 11.2.x up to and including 11.2.1 and Mattermost Plugin Zoom versions up to and including 1.11.0 a medium severity vulnerability CVE-2026-0997 was detected. This vulnerability allows authenticated users to modify Zoom meeting restrictions for arbitrary channels via crafted API requests due to insufficient validation of the authenticated user in the /plugins/zoom/api/v1/channel-preference endpoint. To address this issue, users should upgrade Mattermost and the Mattermost Zoom Plugin to versions 11.3.0, 11.1.3, 10.11.10 or 11.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0997.
Read more Communication
In Mattermost versions 10.11.x up to and including 10.11.9 a low severity vulnerability CVE-2025-14573 was detected. This vulnerability allows team administrators without proper invite permissions to bypass restrictions and add users to their team via crafted API requests due to improper enforcement of invite permission checks when updating team settings through the allow_open_invite field. To address this issue, users should upgrade to versions 11.3.0 or 10.11.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14573.
Read more Communication
In Mattermost versions 11.1.x up to and including 11.1.2, 10.11.x up to and including 10.11.9, and 11.2.x up to and including 11.2.1 a medium severity vulnerability CVE-2025-14350 was detected. This vulnerability allows authenticated users to determine the existence of teams and their URL names by posting channel shortlinks and observing the channel_mentions property in the API response due to improper validation of team membership when processing channel mentions. To address this issue, users should upgrade Mattermost to versions 11.3.0, 11.1.3, 10.11.10 or 11.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14350.
Read more Communication