In the WP FOFT Loader plugin for WordPress, versions up to and including 2.1.39, a high-severity vulnerability (CVE-2026-1756) was detected. It allows authenticated attackers with Author-level access or higher to upload arbitrary files because of improper file type validation in the `WP_FOFT_Loader_Mimes::file_and_ext` function, potentially enabling remote code execution on the affected site. To address this issue, users should upgrade the WP FOFT Loader plugin to version 2.1.40 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1756.
Category: CMS

In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, a high-severity vulnerability (CVE-2025-14550) was detected. It allows remote attackers to cause a potential denial of service by sending crafted ASGI requests containing multiple duplicate headers, which can lead to excessive resource consumption. To address this issue, users should upgrade Django to version 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14550.
Category: Application Development

In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, a medium-severity vulnerability (CVE-2025-13473) was detected. It allows remote attackers to perform username enumeration via a timing attack in the `django.contrib.auth.handlers.modwsgi.check_password()` function used for authentication with `mod_wsgi`. To address this issue, users should upgrade Django to version 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13473.
Category: Application Development

In Dolibarr versions up to and including 11.0.3, a medium-severity vulnerability (CVE-2020-36966) was detected. It allows attackers to inject malicious scripts via the LDAP synchronization settings, specifically through the `host`, `slave`, and `port` parameters in `/dolibarr/admin/ldap.php`, potentially enabling arbitrary JavaScript execution and theft of user cookie information. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36966.
Category: ERP

In GitLab CE/EE versions 16.8 up to but not including 18.5.0, a low-severity vulnerability (CVE-2026-1751) was detected. It could allow unauthorized users to edit merge request approval rules under certain conditions, potentially undermining workflow and approval integrity. To address this issue, users should upgrade GitLab CE/EE to version 18.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1751.
Category: Application Development

In OpenVPN versions 2.7_alpha1 through 2.7_rc5, a low-severity vulnerability (CVE-2025-15497) was detected. It allows remote authenticated users to trigger an assertion failure due to insufficient epoch key slot processing, resulting in a denial of service. To address this issue, users should upgrade OpenVPN to version 2.7_rc5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15497.
Category: Security

In NocoDB versions prior to 0.301.0, a medium-severity vulnerability (CVE-2026-24766) was detected. It allows authenticated users with org-level-creator permissions to exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until the server is restarted, resulting in a denial of service. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24766.
Category: Database

In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, a medium-severity vulnerability (CVE-2026-1312) was detected. It allows attackers to perform SQL injection via `QuerySet.order_by()` when column aliases containing periods are used in combination with `FilteredRelation` and dictionary expansion, potentially compromising the database. To address this issue, users should upgrade Django to version 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1312.
Category: Application Development

In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, a high-severity vulnerability (CVE-2026-1287) was detected. It allows attackers to perform SQL injection via control characters in column aliases when `FilteredRelation` is used in combination with dictionary expansion passed to `QuerySet` methods such as `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`, potentially compromising the database. To address this issue, users should upgrade Django to version 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1287.
Category: Application Development