In Django versions 1.10.x before 1.10.8 and 1.11.x before 1.11.5 a medium severity vulnerability CVE-2017-12794 was detected. This vulnerability allows an attacker to execute a cross-site scripting (XSS) attack because HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. This typically affects environments where “DEBUG = True” is enabled. To address this issue, users should upgrade Django to versions 1.10.8 or 1.11.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-12794.
Read more Application Development
In Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta a high severity vulnerability CVE-2014-8681 was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues due to a SQL injection flaw in the GetIssues function in models/issue.go. To address this issue, users should upgrade Gogs to version 0.5.6.1025 Beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-8681.
Read more Developer Tools
In GitLab versions 9.4.x before 9.4.2 a medium severity vulnerability CVE-2017-17716 was detected. This vulnerability allows attackers to potentially intercept LDAP credentials or perform Man-in-the-Middle (MitM) attacks because the application does not support LDAP SSL certificate verification. This occurred because code related to the verify_certificates LDAP option was not merged. To address this issue, users should upgrade GitLab to version 9.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17716.
Read more Developer Tools
In Foreman versions since 1.5 a medium severity vulnerability CVE-2017-7505 was detected. This vulnerability allows users with user management permissions assigned to specific organizations to perform unauthorized operations on all administrator user objects outside of their scope, such as editing global admin accounts and changing their passwords, due to an incorrect authorization check. To address this issue, users should upgrade Foreman to version 1.15.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7505.
Read more IT Business Management
In Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-35192 was detected. This vulnerability allows a remote attacker to steal a user’s session after that user visits a cached public page due to session fixation. This occurs because response headers do not vary on cookies if a session is not modified, provided that SESSION_SAVE_EVERY_REQUEST is set to True. To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35192.
Read more Application Development
In ArchiveBox versions 0.8.6rc0 and prior a critical severity vulnerability CVE-2026-42601 was detected. This vulnerability allows attackers to achieve Remote Code Execution (RCE) by injecting arbitrary tool arguments. This occurs because the /add/ endpoint accepts a config JSON field that is merged into the crawl configuration without validation and exported as environment variables when archive plugins run. At the time of publication, there are no publicly available patches; users should monitor for updates or apply appropriate mitigations. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42601.
Read more Utility
In EGroupware Enterprise Line (EPL) versions before 1.1.20140505, Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta a medium severity vulnerability CVE-2014-2987 was detected. This vulnerability allows remote attackers to hijack the authentication of administrators via multiple cross-site request forgery (CSRF) vectors. This enables attackers to create an administrator user or modify settings, which can be leveraged to execute arbitrary PHP code in conjunction with CVE-2014-2988. To address this issue, users should upgrade to versions 1.1.20140505 (EPL), 1.8.007.20140506 (Community Edition), or 14.1 beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-2987.
Read more Communication
In Drupal versions 8.x before 8.2.3 a medium severity vulnerability CVE-2016-9452 was detected. This vulnerability allows remote attackers to cause a denial of service (DoS) by sending a specially crafted URL that exploits the transliterate mechanism. To address this issue, users should upgrade Drupal to version 8.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-9452.
Read more Application Development
In Dolibarr ERP/CRM version 3.8.3 a low severity vulnerability CVE-2016-1912 was detected. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the lastname, firstname, email, job, or signature parameters to htdocs/user/card.php, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade Dolibarr ERP/CRM to versions 3.8.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-1912.
Read more ERP