In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11 and 4.2 before 4.2.28, a high-severity vulnerability, CVE-2026-1285, was detected. This vulnerability allows remote attackers to cause a potential denial of service via the `django.utils.text.Truncator` HTML methods (`chars()` and `words()` with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters when they process crafted inputs containing a large number of unmatched HTML end tags. To address this issue, users should upgrade Django to versions 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1285.
In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11 and 4.2 before 4.2.28, a high-severity vulnerability, CVE-2026-1207, was detected. This vulnerability allows remote attackers to perform SQL injection via raster lookups on `RasterField` (PostGIS) by manipulating the band index parameter, potentially compromising the database. To address this issue, users should upgrade Django to versions 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1207.
In NocoDB versions prior to 0.301.0, a medium-severity vulnerability, CVE-2026-24768, was detected. This vulnerability allows attackers to perform unvalidated redirects via the `continueAfterSignIn` parameter in the login flow, potentially redirecting users to arbitrary external websites and enabling phishing attacks. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24768.
In NocoDB versions prior to 0.301.0, a medium-severity vulnerability, CVE-2026-24767, was detected. This vulnerability allows attackers to perform blind Server-Side Request Forgery (SSRF) via unvalidated `HEAD` requests in the `uploadViaURL` functionality, enabling limited outbound requests to arbitrary URLs before SSRF protections are enforced. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24767.
In EGroupware versions prior to 23.1.20260113 and 26.0.20260113, a high-severity vulnerability, CVE-2026-22243, was detected. This vulnerability allows authenticated attackers to inject arbitrary SQL commands into the WHERE clause of database queries because user input in the Nextmatch filter processing is handled improperly, caused by a PHP type-juggling issue during JSON decoding. To address this issue, users should upgrade EGroupware to versions 23.1.20260113 or 26.0.20260113. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22243.
In LimeSurvey versions up to and including 4.3.10, a medium-severity vulnerability, CVE-2020-36993, was detected. This vulnerability allows attackers to inject malicious SVG scripts through the Survey Menu parameters, enabling the execution of arbitrary JavaScript in administrative contexts. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36993.
In NocoDB versions prior to 0.301.0, a high-severity vulnerability, CVE-2026-24769, was detected. This vulnerability allows authenticated attackers to upload malicious SVG files containing embedded JavaScript, which is later executed in the browsers of users who view the attachment, potentially leading to account compromise, data exfiltration and unauthorized actions. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24769.
In Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1 and 2026.1.0, a high-severity vulnerability, CVE-2025-68934, was detected. This vulnerability allows authenticated users to trigger a denial of service by submitting crafted payloads to the /drafts.json endpoint, causing inefficient O(n²) processing in Base62.decode and tying up worker processes for extended periods. To address this issue, users should upgrade Discourse to versions 3.5.4, 2025.11.2, 2025.12.1 or 2026.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68934.
In Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1 and 2026.1.0, a high-severity vulnerability, CVE-2025-68933, was detected. This vulnerability allows non-administrator moderators, when the moderators_change_post_ownership setting is enabled, to change ownership of posts in private messages and restricted categories they cannot access, then export the data to view the private content. To address this issue, users should upgrade Discourse to versions 3.5.4, 2025.11.2, 2025.12.1 or 2026.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68933.