Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    6 Mar 2026 Project and Agile Management
    Foreman: GraphQL API Permission Bypass

    In Foreman versions 1.22.0 and higher a high severity vulnerability CVE-2025-9572 was detected. This vulnerability allows low-privileged users to bypass access controls in the GraphQL API, enabling them to access metadata beyond their assigned permissions and potentially leading to unauthorized information disclosure. To address this issue, users should upgrade Foreman to versions 3.16.2 or 3.17.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9572.

    Read more
    IT Business Management
    6 Mar 2026 Business and Enterprise Solutions
    FreeScout: Predictable Authentication Token Allows Account Takeover

    In FreeScout versions prior to 1.8.206 a critical severity vulnerability CVE-2026-27637 was detected. This vulnerability allows attackers to compute predictable authentication tokens using `MD5(user_id + created_at + APP_KEY)`, enabling full account takeover, including administrative accounts, without requiring a password. To address this issue, users should upgrade FreeScout to version 1.8.206 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27637.

    Read more
    Customer Service
    6 Mar 2026 Business and Enterprise Solutions
    FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution

    In FreeScout versions prior to 1.8.206 a critical severity vulnerability CVE-2026-27636 was detected. This vulnerability allows authenticated users to upload `.htaccess` files on Apache servers with `AllowOverride All`, bypassing file upload restrictions and enabling remote code execution. To address this issue, users should upgrade FreeScout to version 1.8.206 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27636.

    Read more
    Customer Service
    6 Mar 2026 DevOps
    Gogs: DOM-Based Cross-Site Scripting via Milestone Name

    In Gogs versions prior to 0.14.2 a high severity vulnerability CVE-2026-26276 was detected. This vulnerability allows attackers to store malicious HTML or JavaScript payloads in a repository’s Milestone name, which can trigger a DOM-based Cross-Site Scripting (XSS) attack when another user selects that milestone on the New Issue page. To address this issue, users should upgrade Gogs to version 0.14.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26276.

    Read more
    Developer Tools
    5 Mar 2026 Communication and Collaboration
    Discourse: IDOR in Directory Items Endpoint Allows Unauthorized Access to Private User Fields

    In Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 a high severity vulnerability CVE-2026-26265 was detected. This vulnerability allows any user, including anonymous users, to retrieve private user field values from the directory by exploiting an IDOR in the `directory items` endpoint, bypassing visibility restrictions and potentially exposing sensitive information such as phone numbers or addresses. To address this issue, users should upgrade Discourse to versions 2025.12.2, 2026.1.1, 2026.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26265.

    Read more
    Communication
    5 Mar 2026 Communication and Collaboration
    Discourse: Policy Plugin Allows Unauthorized Post Policy Interaction and Information Disclosure

    In Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 a medium severity vulnerability CVE-2026-26207 was detected. This vulnerability allows any authenticated user to interact with policies on posts they do not have permission to view and to enumerate which posts have policies attached, due to missing access checks in the `discourse-policy` plugin. To address this issue, users should upgrade Discourse to versions 2025.12.2, 2026.1.1, 2026.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26207.

    Read more
    Communication
    5 Mar 2026 Communication and Collaboration
    Discourse: Patreon Webhook Signature Forgery Allows Unauthorized Pledge Manipulation

    In Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 a medium severity vulnerability CVE-2026-26078 was detected. This vulnerability allows an attacker to forge valid Patreon webhook signatures when the `patreon_webhook_secret` site setting is blank, enabling unauthorized creation, modification, or deletion of Patreon pledge data and triggering patron-to-group synchronization. To address this issue, users should upgrade Discourse to versions 2025.12.2, 2026.1.1, 2026.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26078.

    Read more
    Communication
    5 Mar 2026 Communication and Collaboration
    Discourse: Missing Webhook Token Validation Allows Unauthenticated Payload Forgery

    In Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 a medium severity vulnerability CVE-2026-26077 was detected. This vulnerability allows unauthenticated attackers to forge webhook payloads on several endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) when no authentication token is configured, potentially inflating user bounce scores and causing legitimate user emails to be disabled. To address this issue, users should upgrade Discourse to versions 2025.12.2, 2026.1.1, 2026.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26077.

    Read more
    Communication
    5 Mar 2026 Communication and Collaboration
    Dolibarr ERP/CRM: SQL Injection via elemid Parameter in viewcat.php

    In Dolibarr ERP/CRM version 10.0.1 a high severity vulnerability CVE-2019-25452 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the `elemid` POST parameter in the `viewcat.php` endpoint, potentially exposing sensitive database information through error-based or time-based blind SQL injection. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2019-25452.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}