In authentik versions prior to 2025.8.6, 2025.10.4 and 2025.12.4 a high severity vulnerability CVE-2026-25922 was identified. This vulnerability allows an attacker to inject a malicious SAML assertion when using a SAML Source with the “Verify Assertion Signature” option enabled but “Verify Response Signature” disabled, or when the Encryption Certificate is not configured under Advanced Protocol settings. To address this issue, users should upgrade Authentik to versions 2025.8.6, 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25922.
Read more SecurityIn GitLab CE/EE versions 18.6 up to but not including 18.6.6, 18.7 up to but not including 18.7.4, and 18.8 up to but not including 18.8.4 a medium severity vulnerability CVE-2026-1282 was detected. This vulnerability allows authenticated attackers to inject malicious content into project label titles due to improper neutralization of script-related HTML tags, potentially leading to cross-site scripting (XSS). To address this issue, users should upgrade GitLab CE/EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1282.
Read more Developer ToolsIn GitLab CE/EE versions 18.4 up to but not including 18.6.6, 18.7 up to but not including 18.7.4, and 18.8 up to but not including 18.8.4 a high severity vulnerability CVE-2026-0958 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service condition through memory or CPU exhaustion by bypassing JSON validation middleware limits. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0958.
Read more Developer ToolsIn Kanboard versions prior to 1.2.50 a medium severity vulnerability CVE-2026-25530 was detected. This vulnerability allows authenticated attackers to access swimlane data from projects they are not authorized to view due to a missing project-level authorization check in the `getSwimlane` API method. To address this issue, users should upgrade Kanboard to version 1.2.50 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25530.
Read more Project ManagementIn GitLab CE/EE versions 8.0 up to but not including 18.6.6, 18.7 up to but not including 18.7.4, and 18.8 up to but not including 18.8.4 a medium severity vulnerability CVE-2026-1458 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service condition by uploading malicious files due to the allocation of resources without limits or throttling. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1458.
Read more Developer ToolsIn GitLab CE/EE versions 18.7 up to but not including 18.7.4 and 18.8 up to but not including 18.8.4 a high severity vulnerability CVE-2026-1456 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service through CPU exhaustion by submitting specially crafted Markdown files that trigger exponential processing in the Markdown preview. To address this issue, users should upgrade GitLab CE/EE to versions 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1456.
Read more Developer ToolsIn GitLab EE versions 15.6 up to but not including 18.6.6, 18.7 up to but not including 18.7.4 and 18.8 up to but not including 18.8.4 a medium severity vulnerability CVE-2026-1387 was detected. This vulnerability allows authenticated attackers to cause a denial-of-service condition by uploading a malicious file and repeatedly querying it through GraphQL due to allocation of resources without limits or throttling. To address this issue, users should upgrade GitLab EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1387.
Read more Developer ToolsIn Gogs versions up to and including 0.13.3 a critical severity vulnerability CVE-2025-64175 was detected. This vulnerability allows attackers to bypass two-factor authentication due to improper scoping of 2FA recovery codes by user, enabling cross-account reuse of valid recovery codes and resulting in full account takeover when a victim’s credentials are known. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64175.
Read more Developer ToolsIn PrestaShop versions prior to 8.2.4 and 9.0.3 a medium severity vulnerability CVE-2026-25597 was detected. This vulnerability allows attackers to perform time-based user enumeration in the front-office login form by measuring response time differences to determine whether a customer account exists. To address this issue, users should upgrade PrestaShop to versions 8.2.4, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25597.
Read more E-commerce