In Django versions 6.0 before 6.0.2, 5.2 before 5.2.11 and 4.2 before 4.2.28 a high severity vulnerability CVE-2026-1207 was detected. This vulnerability allows remote attackers to perform SQL injection via raster lookups on `RasterField` (PostGIS) by manipulating the band index parameter, potentially compromising the database. To address this issue, users should upgrade Django to versions 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1207.
Read more Application DevelopmentIn NocoDB versions prior to 0.301.0 a medium severity vulnerability CVE-2026-24766 was detected. This vulnerability allows authenticated users with org-level-creator permissions to exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until the server is restarted, resulting in a denial of service. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24766.
Read more DatabaseIn Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28 a high severity vulnerability CVE-2026-1287 was detected. This vulnerability allows attackers to perform SQL injection via control characters in column aliases when using `FilteredRelation` in combination with dictionary expansion passed to `QuerySet` methods such as `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`, potentially compromising the database. To address this issue, users should upgrade Django to version 6.0.2, 5.2.11, 4.2.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1287.
Read more Application DevelopmentIn EGroupware versions prior to 23.1.20260113 and 26.0.20260113 a high severity vulnerability CVE-2026-22243 was detected. This vulnerability allows authenticated attackers to inject arbitrary SQL commands into the WHERE clause of database queries due to improper handling of user input in the Nextmatch filter processing, caused by a PHP type juggling issue during JSON decoding. To address this issue, users should upgrade EGroupware to versions 23.1.20260113 or 26.0.20260113. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22243.
Read more CommunicationIn LimeSurvey versions up to and including 4.3.10 a medium severity vulnerability CVE-2020-36993 was detected. This vulnerability allows attackers to inject malicious SVG scripts through the Survey Menu parameters, enabling the execution of arbitrary JavaScript in administrative contexts. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36993.
Read more CommunicationIn NocoDB versions prior to 0.301.0 a high severity vulnerability CVE-2026-24769 was detected. This vulnerability allows authenticated attackers to upload malicious SVG files containing embedded JavaScript, which are later executed in the browsers of users who view the attachment, potentially leading to account compromise, data exfiltration, and unauthorized actions. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24769.
Read more DatabaseIn NocoDB versions prior to 0.301.0 a medium severity vulnerability CVE-2026-24768 was detected. This vulnerability allows attackers to perform unvalidated redirects via the `continueAfterSignIn` parameter in the login flow, potentially redirecting users to arbitrary external websites and enabling phishing attacks. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24768.
Read more DatabaseIn NocoDB versions prior to 0.301.0 a medium severity vulnerability CVE-2026-24767 was detected. This vulnerability allows attackers to perform blind Server-Side Request Forgery (SSRF) via unvalidated `HEAD` requests in the `uploadViaURL` functionality, enabling limited outbound requests to arbitrary URLs before SSRF protections are enforced. To address this issue, users should upgrade NocoDB to version 0.301.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24767.
Read more DatabaseIn Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1 and 2026.1.0 a high severity vulnerability CVE-2025-68934 was detected. This vulnerability allows authenticated users to trigger a denial of service by submitting crafted payloads to the /drafts.json endpoint, causing inefficient O(n²) processing in Base62.decode and tying up worker processes for extended periods. To address this issue, users should upgrade Discourse to versions 3.5.4, 2025.11.2, 2025.12.1 or 2026.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68934.
Read more Communication