In GitLab CE/EE versions 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 a medium severity vulnerability CVE-2026-8144 was detected. This vulnerability allows an authenticated user with project membership to enumerate private group members due to missing authorization checks. To address this issue, users should upgrade GitLab CE/EE to versions 18.9.7, 18.10.6, or 18.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8144.
Read more Developer Tools
In Jenkins versions through 2.93 a low severity vulnerability CVE-2017-17383 was detected. This vulnerability allows remote authenticated administrators to conduct Cross-Site Scripting (XSS) attacks by injecting a specially crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin. To address this issue, users should upgrade Jenkins to version 2.94. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17383.
Read more Developer Tools
In Drupal versions before 8.2.2 a medium severity vulnerability CVE-2017-6381 was detected. This vulnerability allows attackers to achieve remote code execution due to a flaw in a 3rd party development library (PHPUnit) included with Drupal 8 development dependencies. While mitigated by default .htaccess protections against PHP execution and the fact that development dependencies are not normally installed in production, users can further protect themselves by removing the vendor/phpunit directory. To address this issue, users should upgrade Drupal to version 8.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-6381.
Read more Application Development
In Argo Workflows versions prior to 3.7.14 and 4.0.5 a high severity vulnerability CVE-2026-42294 was detected. This vulnerability allows an unauthenticated attacker to cause an Out-Of-Memory (OOM) crash and denial of service (DoS) by sending an extremely large request body to the /api/v1/events/ endpoint. This occurs because the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. To address this issue, users should upgrade Argo Workflows to versions 3.7.14 or 4.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42294.
Read more Application Development
In Ansible versions before 1.9.2 a high severity vulnerability CVE-2015-6240 was detected. This vulnerability allows local users to escape a restricted environment (such as a chroot, jail, or zone) via a symlink attack targeting the chroot, jail, and zone connection plugins. To address this issue, users should upgrade Ansible to version 1.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-6240.
Read more IT Business Management
In Fluentd versions 0.12.29 through 0.12.40 a high severity vulnerability CVE-2017-10906 was detected. This vulnerability allows an attacker to change the terminal UI or execute arbitrary commands on the device via an escape sequence injection through unspecified vectors. To address this issue, users should upgrade Fluentd to version 0.12.41 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-10906.
Read more Data Analytics
In Dolibarr ERP/CRM versions before 5.0.3 a high severity vulnerability CVE-2017-9435 was detected. This vulnerability allows attackers to execute arbitrary SQL commands due to a SQL injection flaw in the search_supervisor and search_statut parameters within the user/index.php file. To address this issue, users should upgrade Dolibarr ERP/CRM to version 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-9435.
Read more ERP
In Etherpad versions before 1.6.1 a medium severity vulnerability CVE-2015-4085 was detected. This vulnerability allows attackers to access arbitrary files via a directory traversal flaw in the node/hooks/express/tests.js file within the frontend tests component. To address this issue, users should upgrade Etherpad to version 1.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-4085.
Read more Communication
In Ansible versions 2.3.x before 2.3.3 and 2.4.x before 2.4.1 a medium severity vulnerability CVE-2017-7550 was detected. This vulnerability allows remote attackers to expose sensitive information, such as passwords, from a remote host’s logs due to a flaw in how parameters are passed to the jenkins_plugin module’s “params” argument. To address this issue, users should upgrade Ansible to versions 2.3.3 or 2.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7550.
Read more IT Business Management