Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    26 Jun 2026 DevOps
    HAProxy: Integer Overflow and Response Smuggling in FCGI Parser

    In HAProxy versions through 3.4.0 a high severity vulnerability CVE-2026-55203 was detected. This vulnerability allows a malicious FastCGI backend to desynchronize the FCGI framing parser, potentially leading to request routing errors, response smuggling, or memory safety issues. This occurs due to an integer overflow in the fcgi_conn structure’s drl field. Specifically, when contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and a buffer misparse. To address this issue, users should upgrade HAProxy to a patched version 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-55203.

    Read more
    Application Development
    25 Jun 2026 Data Management and Analytics
    NocoDB: Improper Session Management via Persistent Refresh Tokens During Password Recovery

    In NocoDB versions prior to 2026.05.1 a medium severity vulnerability CVE-2026-53928 was detected. This vulnerability allows an attacker in possession of a stolen refresh token to maintain unauthorized access by minting new JSON Web Tokens (JWTs), even after the victim has completed a password recovery flow. This occurs because the passwordForgot process fails to delete the user’s active refresh tokens—unlike standard password change or reset flows—leaving them valid for exchange. To address this issue, users should upgrade NocoDB to version 2026.05.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53928.

    Read more
    Database
    25 Jun 2026 DevOps
    GitLab EE: Information Disclosure via Missing Authorization

    In GitLab EE versions 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 a low severity vulnerability CVE-2026-3176 was detected. This vulnerability allows an authenticated user with limited permissions to gain unauthorized access to project information. This occurs due to missing or insufficient authorization checks under certain conditions. To address this issue, users should upgrade GitLab EE to versions 18.11.6, 19.0.3, or 19.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3176.

    Read more
    Developer Tools
    25 Jun 2026 Data Management and Analytics
    vLLM: Denial of Service via Unvalidated Multimodal Embeddings

    In vLLM versions 0.10.2 to before 0.13.0 a high severity vulnerability CVE-2026-56340 was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) through crashes or resource exhaustion, with the potential for out-of-bounds memory corruption. This occurs because the multimodal embeddings processing lacks proper sparse tensor validation. When the prompt-embeds feature is enabled, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices. Because PyTorch disables sparse tensor invariant checks by default, these malicious tensors bypass validation. This flaw is a continuation of CVE-2025-62164, where the initial fix only disabled the feature by default instead of addressing the root cause. To address this issue, users should upgrade vLLM to version 0.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56340.

    Read more
    Machine Learning
    25 Jun 2026 Infrastructure and Network
    Traefik: Authentication Bypass via Fail-Open on Unresolved Auth-Secret

    In Traefik versions 3.7.0-ea.1 to before 3.7.5 a medium severity vulnerability CVE-2026-54762 was detected. This vulnerability allows an unauthenticated attacker to access backend services that were intended to be protected, leading to an authentication bypass. This occurs in the Kubernetes Ingress NGINX provider due to a fail-open behavior. When an Ingress explicitly enables BasicAuth or DigestAuth through annotations, but the referenced auth-secret cannot be resolved or parsed (e.g., it is missing, malformed, or policy-denied), Traefik logs the error and skips installing the authentication middleware, while still routing traffic to the backend service. To address this issue, users should upgrade Traefik to version 3.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-54762.

    Read more
    Security
    25 Jun 2026 DevOps
    Gogs: Unauthenticated Information Disclosure via Teams API Endpoint

    In Gogs versions prior to 0.14.3 a medium severity vulnerability CVE-2026-52815 was detected. This vulnerability allows an unauthenticated attacker to view sensitive organizational data, resulting in information disclosure. This occurs because the GET /api/v1/orgs/:orgname/teams endpoint lacks the necessary reqToken() middleware and performs no authentication checks within the listTeams() handler. As a result, anyone can retrieve team IDs, names, descriptions, and permission levels for any organization. To address this issue, users should upgrade Gogs to version 0.14.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-52815.

    Read more
    Developer Tools
    24 Jun 2026 Data Management and Analytics
    MongoDB Server: Use-After-Free in Server-Side JavaScript BSON-to-Array Conversion

    In MongoDB Server versions 8.3.0 through 8.3.3, 8.2.0 through 8.2.10, 8.0.0 through 8.0.25, 7.0.0 through 7.0.36, 6.0.0 through 6.0.28, 5.0.0 through 5.0.33, 4.4.0 through 4.4.30 a high severity vulnerability CVE-2026-11933 was detected. This vulnerability allows an authenticated user with read privileges to cause a Denial of Service (DoS) or disclose sensitive information from the mongod process memory. This occurs due to a Use-After-Free (UAF) flaw in the server-side JavaScript engine when converting BSON documents to JavaScript arrays. By executing server-side JavaScript (for example, via the $where or $function operators), an attacker can trigger the server to access memory that has already been freed. To address this issue, users should upgrade MongoDB Server to a patched version 8.3.x, 8.2.11, or 8.0.26 (or later), 7.0.37 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-11933.

    Read more
    Database
    24 Jun 2026 Infrastructure and Network
    RustDesk Client: Local Security Bypass via Unauthenticated Strategy Payloads

    In RustDesk Client versions up to, including, 1.4.5 on Windows, MacOS, Linux, iOS, Android, and WebClient a high severity vulnerability CVE-2026-30792 was detected. This vulnerability allows an attacker to bypass local security settings and manipulate Application API messages via a Man-in-the-Middle (MitM) attack. This occurs because the client blindly merges unauthenticated strategy payloads received during synchronization. Specifically, the strategy merge loop (in src/hbbs_http/sync.Rs) and the Config::set_options() engine fail to properly authenticate or validate incoming configuration payloads before applying them. To address this issue, users should upgrade RustDesk Client to a patched version 1.4.6 or newer. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30792.

    Read more
    Networking
    24 Jun 2026 Data Management and Analytics
    MariaDB Server: Information Disclosure of Stored Routine Definitions via Roles

    In MariaDB Server versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1 a medium severity vulnerability CVE-2026-44169 was detected. This vulnerability allows an authenticated user to gain unauthorized visibility into stored routine definitions, leading to information disclosure. This occurs because if a user is granted EXECUTE access to a stored routine via a role, the system improperly permits them to see the routine’s definition, even if they lack the explicitly required SHOW CREATE ROUTINE privilege. To address this issue, users should upgrade MariaDB Server to versions 11.4.11, 11.8.7, or 12.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44169.

    Read more
    Database
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}