CVE-2026-8405 IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

SUSE CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CVE-2026-40606 ProxyAuth Addon LDAP Injection in mitmproxy

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CVE-2026-40606

The CVE affects mitmproxy (and mitmweb as its web interface) where, in versions 12.2.1 and below, the built-in LDAP proxyauth authentication does not sanitize the username correctly when querying the LDAP server. This allows a malicious client to bypass authentication, but only for instances usin...

Linux Distros Unpatched Vulnerability : CVE-2026-40606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...

GHSA-527G-3W9M-29HV mitmproxy has an LDAP Injection

Impact In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is n...

PT-2026-33226

Name of the Vulnerable Software and Affected Versions mitmproxy versions prior to 12.2.2 Description The builtin LDAP proxy authentication fails to correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. This issue only affects...

MariaDB 11.4.1 < 11.4.10 DoS

The version of MariaDB installed on the remote host is prior to 11.4.10. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory. - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before...

DEBIAN-CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

CVE-2026-32710 Heap-based Buffer Overflow in MariaDB

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

PT-2026-26661

Name of the Vulnerable Software and Affected Versions MariaDB versions 11.4 prior to 11.4.10 MariaDB versions 11.8 prior to 11.8.6 Description An authenticated user can cause a server crash due to a buffer overflow in dynamic memory heap out-of-bounds write within the JSON SCHEMA VALID function...

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...

CVE-2024-35239 Stored Cross-site Scripting on Components of Umbraco Forms

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...

Umbraco Commerce 跨站脚本漏洞

Umbraco Commerce is an e-commerce solution from Umbraco, Denmark. A cross-site scripting vulnerability exists in Umbraco Commerce that stems from a stored cross-site scripting XSS vulnerability in a component of Umbraco Forms. Affected products and versions: Umbraco Commerce versions prior to...

GitLab Information Disclosure Vulnerability (CNVD-2020-10496)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An information disclosure vulnerability exists in GitLab versions 12.2.2 and earlier. The...