In Graylog version 2.2.3 a high severity vulnerability CVE-2026-1436 was detected. This vulnerability allows authenticated users to access other users’ profiles without proper authorization due to an Insecure Direct Object Reference (IDOR) flaw in the API when modifying the user ID in the URL. Exploitation of this issue may expose sensitive information such as names, email addresses, internal identifiers, and last activity. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1436.
Read more Data AnalyticsIn Graylog version 2.2.3 a critical severity vulnerability CVE-2026-1435 was detected. This vulnerability allows an attacker to reuse previously issued session identifiers because the application does not properly invalidate old sessions after new logins. Exploitation of this issue may enable unauthorized access to the application, allowing interaction with the API or web interface and potential compromise of affected accounts. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1435.
Read more Data AnalyticsIn Gogs versions 0.13.4 and prior a medium severity vulnerability CVE-2026-25120 was detected. This vulnerability allows repository administrators to delete comments from other repositories by supplying arbitrary comment IDs due to missing repository ownership validation in the DeleteComment API. To address this issue, users should upgrade Gogs to version 0.14.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25120.
Read more Developer ToolsIn PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2005 was detected. This vulnerability allows a ciphertext provider to trigger a heap buffer overflow in the pgcrypto extension, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2005.
Read more SecurityIn PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2004 was detected. This vulnerability allows an object creator to execute arbitrary code as the operating system user running the database due to missing validation of input types in the intarray extension selectivity estimator function. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2004.
Read more SecurityIn PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a medium severity vulnerability CVE-2026-2003 was detected. This vulnerability allows a database user to disclose portions of server memory due to improper validation of the “oidvector” type, which may expose sensitive information under certain conditions. To address this issue, users should upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2003.
Read more SecurityIn Traefik versions prior to 3.6.8 a high severity vulnerability CVE-2026-25949 was detected. This vulnerability allows an unauthenticated attacker to bypass the entrypoint respondingTimeouts.readTimeout setting by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and stalling the connection, causing connections to remain open indefinitely and potentially leading to a denial-of-service condition. To address this issue, users should upgrade Traefik to version 3.6.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25949.
Read more SecurityIn PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2006 was detected. This vulnerability allows a database user to issue crafted queries that trigger a buffer overrun due to missing validation of multibyte character length in text manipulation functions, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2006.
Read more SecurityIn Mattermost versions 11.1.x up to and including 11.1.2, 10.11.x up to and including 10.11.9, 11.2.x up to and including 11.2.1 and Mattermost Plugin Zoom versions up to and including 1.11.0 a medium severity vulnerability CVE-2026-0997 was detected. This vulnerability allows authenticated users to modify Zoom meeting restrictions for arbitrary channels via crafted API requests due to insufficient validation of the authenticated user in the /plugins/zoom/api/v1/channel-preference endpoint. To address this issue, users should upgrade Mattermost and the Mattermost Zoom Plugin to versions 11.3.0, 11.1.3, 10.11.10 or 11.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0997.
Read more Communication