In Qdrant versions 1.9.3 through before 1.16.0 a high severity vulnerability CVE-2026-25628 was detected. This vulnerability allows attackers with minimal (read-only) privileges to append data to arbitrary files via the `/logger` endpoint by controlling the `on_disk.log_file` path, potentially leading to further system compromise. To address this issue, users should upgrade Qdrant to version 1.16.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25628.
Read more Machine LearningIn Zulip versions 5.0 through before 11.5 a low severity vulnerability CVE-2026-24050 was detected. This vulnerability allows attackers to perform stored cross-site scripting (XSS) via crafted group or channel names in the user profile modal, potentially executing malicious scripts when a user interacts with the affected object. To address this issue, users should upgrade Zulip to version 11.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24050.
Read more CommunicationIn Kanboard versions prior to 1.2.50 a medium severity vulnerability CVE-2026-24885 was detected. This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) against the `changeUserRole` action in the `ProjectPermissionController` due to improper enforcement of the `application/json` Content-Type, potentially enabling unauthorized modification of project user roles if an authenticated administrator visits a malicious site. To address this issue, users should upgrade Kanboard to version 1.2.50 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24885.
Read more Project ManagementIn Gogs versions up to and including 0.13.3 a high severity vulnerability CVE-2026-24135 was detected. This vulnerability allows authenticated users with write access to a repository’s wiki to exploit a path traversal issue in the `updateWikiPage` function by manipulating the `old_title` parameter, enabling deletion of arbitrary files on the server. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24135.
Read more Developer ToolsIn Gogs versions up to and including 0.13.3 a high severity vulnerability CVE-2026-23633 was detected. This vulnerability allows attackers to exploit a path traversal issue in Git hook editing, enabling arbitrary file read and write operations on the server. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23633.
Read more Developer ToolsIn Gogs versions up to and including 0.13.3 a medium severity vulnerability CVE-2026-23632 was detected. This vulnerability allows attackers with read-only repository permissions to modify repository contents due to missing write permission enforcement in the `PUT /repos/:owner/:repo/contents/*` endpoint, resulting in unauthorized commit creation and git push execution. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23632.
Read more Developer ToolsIn Gogs versions up to and including 0.13.3 a medium severity vulnerability CVE-2026-22592 was detected. This vulnerability allows authenticated users to trigger a denial-of-service condition by deleting a repository file prior to synchronization, causing the application to crash. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22592.
Read more Developer ToolsIn NGINX OSS and NGINX Plusfrom versions 1.3.0 before 1.29.5 a medium severity vulnerability CVE-2026-1642 was detected when configured to proxy to upstream TLS servers. This vulnerability allows an attacker with a man-in-the-middle (MITM) position on the upstream server side, under certain conditions, to inject plain text data into responses from the proxied upstream server. To address this issue, users should upgrade to version 1.28.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1642.
Read more Application DevelopmentIn pgAdmin 4 versions before 9.11 a high severity vulnerability CVE-2026-1707 was detected. This vulnerability allows attackers with access to the pgAdmin web interface to bypass restore restrictions by disclosing and abusing the `\restrict` key during a restore operation from PLAIN-format dump files, resulting in arbitrary command execution on the pgAdmin host. To address this issue, users should upgrade pgAdmin 4 to version 9.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1707.
Read more Database