Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    24 Jun 2026 Business and Enterprise Solutions
    OpenVPN: Use-After-Free Leading to Memory Leak or RCE

    In OpenVPN versions 2.6.0 to 2.6.6 a critical severity vulnerability CVE-2023-46850 was detected. This vulnerability allows a remote attacker to cause undefined behavior, leak memory buffers, or potentially achieve Remote Code Execution (RCE). This occurs due to a Use-After-Free (UAF) flaw that is triggered when sending network buffers to a remote peer. To address this issue, users should upgrade OpenVPN to a patched version 2.6.8 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-46850.

    Read more
    CMS
    24 Jun 2026 Data Management and Analytics
    NocoDB: Server-Side Request Forgery (SSRF) and Scheme Abuse via base-migration Endpoint

    In NocoDB versions prior to 2026.05.1 a medium severity vulnerability CVE-2026-53930 was detected. This vulnerability allows an attacker to perform Server-Side Request Forgery (SSRF), probe internal HTTP destinations, and abuse URI schemes (such as file: or ftp:). This occurs because the base-migration endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing proper protocol or destination restrictions. To address this issue, users should upgrade NocoDB to version 2026.05.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53930.

    Read more
    Database
    23 Jun 2026 Data Management and Analytics
    vLLM: Denial of Service (Crash) via Incorrect Tensor Shape in Speculative Decoding

    In vLLM versions 0.18.0 to before 0.20.0 a medium severity vulnerability CVE-2026-44223 was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) condition by crashing the server. This occurs because the extract_hidden_states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step when a request in the batch includes sampling penalty parameters (such as repetition_penalty). This shape mismatch triggers a RuntimeError that immediately crashes the EngineCore process. To address this issue, users should upgrade vLLM to version 0.20.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44223.

    Read more
    Machine Learning
    23 Jun 2026 Business and Enterprise Solutions
    WooCommerce: Remote Code Execution (RCE) via Unsanitized product-type Parameter

    In WooCommerce version 7.1.0 a critical severity vulnerability CVE-2022-50972 was detected. This vulnerability allows an attacker to execute arbitrary PHP code and write malicious PHP files directly to the web root. This occurs due to improper sanitization of the product-type parameter within the class-wc-meta-box-product-images.php endpoint, which permits the injection of shell commands. To address this issue, users should upgrade WooCommerce to a patched version 7.1.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-50972.

    Read more
    E-commerce
    23 Jun 2026 Infrastructure and Network
    RustDesk Client: Improper Certificate Validation Leading to AiTM

    In RustDesk Client versions up to, including 1.4.5 on Windows, MacOS, Linux, iOS, and Android a high severity vulnerability CVE-2026-30794 was detected. This vulnerability allows an attacker to perform Adversary in the Middle (AiTM) attacks and intercept sensitive communications. This occurs due to improper certificate validation in the HTTP API client; specifically, if an initial TLS handshake fails, the client attempts a retry using the danger_accept_invalid_certs(true) configuration in the TLS transport module, which silently accepts invalid TLS certificates. To address this issue, users should upgrade RustDesk Client to a patched version 1.4.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30794.

    Read more
    Networking
    23 Jun 2026 Data Management and Analytics
    pgAdmin 4: SQL Injection in Dialog Templates

    In pgAdmin 4 versions 1.0 before 9.16 a high severity vulnerability CVE-2026-12044 was detected. This vulnerability allows an authenticated user to execute arbitrary SQL statements, and potentially achieve OS command execution if connected as a highly privileged role (e.g., a superuser using COPY ... TO/FROM PROGRAM). This occurs due to an SQL injection flaw across various dialog templates (such as Domains, Foreign Tables, Languages, and Event Triggers) that render COMMENT ON ... IS '<description>'. The Jinja templates interpolate user-supplied descriptions directly inside single-quoted SQL literals instead of safely passing them through the qtLiteral escape filter, allowing an attacker to break out of the literal using an apostrophe. While the injected SQL runs under the user’s existing database role and does not cross privilege boundaries, it bypasses application-layer restrictions placed on the Query Tool interface. To address this issue, users should upgrade pgAdmin 4 to version 9.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-12044.

    Read more
    Database
    23 Jun 2026 Data Management and Analytics
    GeoServer: Arbitrary File Write and Plaintext Master Password Disclosure

    In GeoServer versions prior to 2.26.4 and prior to 2.27.3 a high severity vulnerability CVE-2025-52465 was detected. This vulnerability allows an authenticated administrator to create files containing the master password in plaintext anywhere on the server’s file system. This occurs because the Master Password Dump web page fails to properly sanitize user input, allowing the submission of arbitrary absolute file paths. Installations where the web interface is disabled or removed are not affected. To address this issue, users should upgrade GeoServer to versions 2.26.4 or 2.27.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52465.

    Read more
    Database
    22 Jun 2026 Communication and Collaboration
    Discourse: Information Disclosure via Bot Debug Endpoints

    In Discourse versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 a medium severity vulnerability CVE-2026-44779 was detected. This vulnerability allows unauthorized access to sensitive information. This occurs because the bot debug endpoints inadvertently disclose whisper translation audit logs. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44779.

    Read more
    Communication
    22 Jun 2026 Communication and Collaboration
    Rocket.Chat: Unauthenticated Arbitrary File Deletion via DDP WebSocket

    In Rocket.Chat versions prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 a high severity vulnerability CVE-2026-48929 was detected. This vulnerability allows an unauthenticated attacker to permanently delete any uploaded file by its ID. This occurs because calling the deleteFileMessage Meteor method via an unauthenticated DDP WebSocket connection causes Meteor.userId() to return null, which improperly skips the authorization check. The execution then falls through to unconditionally remove the file from storage and the database using FileUpload.getStore('Uploads').deleteById(fileID). Because file IDs are easily discoverable via public channel message payloads and download URLs, an attacker can target and destroy specific files. To address this issue, users should upgrade Rocket.Chat to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, or 7.10.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48929.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}