In Code Snippets plugin for WordPress versions up to and including 3.9.4 a medium severity vulnerability CVE-2026-1785 was detected. This vulnerability allows unauthenticated attackers to perform Cross-Site Request Forgery (CSRF) against logged-in administrators, forcing them to download or update cloud snippets without their consent due to missing nonce validation in the `Cloud_Search_List_Table` class. To address this issue, users should upgrade Code Snippets plugin to version 3.9.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1785.
Read more CMSIn WP FOFT Loader plugin for WordPress versions up to and including 2.1.39 a high severity vulnerability CVE-2026-1756 was detected. This vulnerability allows authenticated attackers with Author-level access or higher to upload arbitrary files due to improper file type validation in the `WP_FOFT_Loader_Mimes::file_and_ext` function, potentially enabling remote code execution on the affected site. To address this issue, users should upgrade WP FOFT Loader plugin to version 2.1.40 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1756.
Read more CMSIn NGINX OSS and NGINX Plusfrom versions 1.3.0 before 1.29.5 a medium severity vulnerability CVE-2026-1642 was detected when configured to proxy to upstream TLS servers. This vulnerability allows an attacker with a man-in-the-middle (MITM) position on the upstream server side, under certain conditions, to inject plain text data into responses from the proxied upstream server. To address this issue, users should upgrade to version 1.28.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1642.
Read more Application DevelopmentIn Django versions 6.0 before 6.0.2, 5.2 before 5.2.11 and 4.2 before 4.2.28 a high severity vulnerability CVE-2025-14550 was detected. This vulnerability allows remote attackers to cause a potential denial-of-service by sending crafted ASGI requests containing multiple duplicate headers, which can lead to excessive resource consumption. To address this issue, users should upgrade Django to versions 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14550.
Read more Application DevelopmentIn Django versions 6.0 before 6.0.2, 5.2 before 5.2.11 and 4.2 before 4.2.28 a medium severity vulnerability CVE-2025-13473 was detected. This vulnerability allows remote attackers to perform username enumeration via a timing attack in the `django.contrib.auth.handlers.modwsgi.check_password()` function used for authentication with `mod_wsgi`. To address this issue, users should upgrade Django to versions 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13473.
Read more Application DevelopmentIn Dolibarr versions up to and including 11.0.3 a medium severity vulnerability CVE-2020-36966 was detected. This vulnerability allows attackers to inject malicious scripts via the LDAP synchronization settings, specifically through the `host`, `slave`, and `port` parameters in `/dolibarr/admin/ldap.php`, potentially enabling arbitrary JavaScript execution and theft of user cookie information. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36966.
Read more ERPIn GitLab CE/EE versions 16.8 up to but not including 18.5.0 a low severity vulnerability CVE-2026-1751 was detected. This vulnerability could allow unauthorized users to edit merge request approval rules under certain conditions, potentially undermining workflow and approval integrity. To address this issue, users should upgrade GitLab CE/EE to version 18.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1751.
Read more Application DevelopmentIn OpenVPN versions 2.7_alpha1 through 2.7_rc5 a low severity vulnerability CVE-2025-15497 was detected. This vulnerability allows remote authenticated users to trigger an assertion failure due to insufficient epoch key slot processing, resulting in a denial of service. To address this issue, users should upgrade OpenVPN to version 2.7_rc5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15497.
Read more SecurityIn NocoDB versions prior to 0.301.0 a medium severity vulnerability CVE-2026-24766 was detected. This vulnerability allows authenticated users with org-level-creator permissions to exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until the server is restarted, resulting in a denial of service. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24766.
Read more Database