In the Viet Contact plugin for WordPress, versions up to and including 1.3.2, a medium-severity vulnerability, CVE-2026-1045, was detected. This vulnerability allows authenticated attackers with administrator-level permissions and above to perform stored cross-site scripting (XSS) by injecting arbitrary web scripts through improperly sanitized admin settings, which execute when a user accesses the affected pages. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1045.
In Umbraco CMS version 8.14.1, a medium-severity vulnerability, CVE-2021-47776, was detected. This vulnerability allows attackers to perform server-side request forgery (SSRF) by manipulating the baseUrl parameter in multiple dashboard and help controller endpoints, causing the server to initiate unauthorized requests to external hosts. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-47776.
In Traefik versions prior to 2.11.35 and 3.6.7, a medium-severity vulnerability, CVE-2026-22045, was detected. This vulnerability allows unauthenticated attackers to cause a denial of service by opening multiple ACME TLS-ALPN connections and stalling the handshake, indefinitely tying up goroutines and file descriptors when automatic certificate generation is enabled. To address this issue, users should upgrade Traefik to version 2.11.35 or 3.6.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22045.
In Kimai versions prior to 2.46.0, a medium-severity vulnerability, CVE-2026-23626, was detected. This vulnerability allows authenticated attackers with export permissions to execute arbitrary method calls in malicious Twig templates, enabling the extraction of sensitive information such as environment variables, user password hashes, session tokens, and CSRF tokens. To address this issue, users should upgrade Kimai to version 2.46.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23626.
In Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a high-severity vulnerability, CVE-2026-22594, was detected. This vulnerability allows authenticated staff users to bypass the email-based two-factor authentication (2FA) mechanism, weakening account security and increasing the risk of unauthorized access. To address this issue, users should upgrade Ghost to version 5.130.6 or 6.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22594.
In Istio versions through 1.28.2, a medium-severity vulnerability, CVE-2026-23766, was detected. This vulnerability allows attackers to manipulate firewall behavior by injecting custom iptables rules through the traffic.sidecar.istio.io/excludeInterfaces annotation, potentially altering network traffic handling within a pod. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23766.
In Mattermost versions 10.11.x up to and including 10.11.8 and prior to 11.2.0, a low-severity vulnerability, CVE-2025-14822, was detected. This vulnerability allows authenticated attackers to trigger a denial of service by exhausting CPU resources through a single HTTP request containing a post with thousands of space-separated tokens, exploiting quadratic complexity in the model.ParseHashtags function. To address this issue, users should upgrade Mattermost to version 10.11.9 or 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14822.
In Mattermost versions 10.11.x up to and including 10.11.8, 11.0.x up to and including 11.0.6, and 11.1.x up to and including 11.1.1, a medium-severity vulnerability, CVE-2025-14435, was detected. This vulnerability allows authenticated attackers to cause an application-level denial of service by triggering API errors that lead to unbounded component re-render loops, resulting in infinite re-renders and degraded application availability. To address this issue, users should upgrade Mattermost to version 10.11.9, 11.1.2 or 11.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14435.
In ZITADEL versions prior to 4.9.1 and 3.4.6, a medium-severity vulnerability, CVE-2026-23511, was detected. This vulnerability allows unauthenticated attackers to enumerate valid user accounts by probing the login interfaces and observing differences when iterating through usernames or user IDs. To address this issue, users should upgrade ZITADEL to version 4.9.1 or 3.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23511.