In Vaultwarden versions prior to 1.35.4 a high severity vulnerability CVE-2026-27803 was detected. This vulnerability allows users with the Manager role to perform collection management operations even when their `manage` permission is set to false, as long as they have access to the collection. To address this issue, users should upgrade Vaultwarden to version 1.35.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27803.
In ZITADEL versions 4.0.0-rc.1 to 4.7.0 a critical severity vulnerability CVE-2026-29067 was detected. This vulnerability allows attackers to manipulate the Forwarded or X-Forwarded-Host header used in the password reset mechanism of Login V2, potentially constructing malicious password reset URLs that could lead to account takeover. To address this issue, users should upgrade ZITADEL to version 4.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29067.
Read more Developer ToolsIn Kestra versions 1.1.10 and prior a medium severity vulnerability CVE-2026-29082 was detected. This vulnerability allows attackers to execute stored cross-site scripting (XSS) by injecting malicious Markdown (.md) content in the execution-file preview, which is rendered with markdown-it as HTML and injected via Vue’s v-html without sanitization. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29082.
Read more MonitoringIn ZITADEL versions 4.0.0 to 4.12.0 a high severity vulnerability CVE-2026-29193 was detected. This vulnerability allows attackers to bypass login behavior and security policies in the Login V2 UI, enabling self-registration of new accounts or signing in with a password even if these options were disabled in their organization. To address this issue, users should upgrade ZITADEL to version 4.12.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29193.
Read more Developer ToolsIn ZITADEL versions 4.0.0 to 4.11.1 a high severity vulnerability CVE-2026-29192 was detected. This vulnerability allows attackers to perform a stored cross-site scripting (XSS) attack via the Default URI Redirect in the Login V2 interface, potentially leading to account takeover. To address this issue, users should upgrade ZITADEL to version 4.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29192.
Read more Developer ToolsIn ZITADEL versions 4.0.0 to 4.11.1 a critical severity vulnerability CVE-2026-29191 was detected. This vulnerability allows attackers to perform a cross-site scripting (XSS) attack in the /saml-post endpoint of the Login V2 interface, potentially enabling a 1-click account takeover. To address this issue, users should upgrade ZITADEL to version 4.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29191.
Read more Developer ToolsIn Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 a high severity vulnerability CVE-2026-31837 was detected. This vulnerability allows attackers to access hardcoded default key material if the JWKS resolver becomes unavailable or the fetch fails, regardless of the use of the RequestAuthentication resource. To address this issue, users should upgrade Istio to versions 1.29.1, 1.28.5 or 1.27.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-31837.
Read more Communication and Collaboration Communication NewsflashIn changedetection.io versions prior to 0.54.4 a critical severity vulnerability CVE-2026-29065 was detected. This vulnerability allows attackers to overwrite arbitrary files via path traversal in the backup restore functionality by uploading crafted ZIP archives (Zip Slip). To address this issue, users should upgrade changedetection.io to version 0.54.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29065.
Read more MonitoringIn changedetection.io versions prior to 0.54.4 a medium severity vulnerability CVE-2026-29039 was detected. This vulnerability allows attackers to read arbitrary files on the server by supplying malicious XPath expressions using the unparsed-text() function via the include_filters field. To address this issue, users should upgrade changedetection.io to version 0.54.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29039.
Read more Monitoring