484 matches found
JLSEC-2026-646 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption...
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...
JLSEC-2026-647 It is possible to cause an use-after-free write in SANM decoding with a carefully crafted...
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...
CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Moderate: Red Hat Security Advisory: mysql:8.0 security update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHSA-2026:25110 Red Hat Security Advisory: .NET 8.0 security update
Bulletin has no description...
Unity Linux 20.1070e Security Update: mysql-connector-java (UTSA-2026-016694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016694 advisory. Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to...
[SECURITY] Fedora 44 Update: mysql8.0-8.0.46-1.fc44
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Fedora 42 : mysql8.0 (2026-b78d5204fe)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b78d5204fe advisory. MySQL 8.0.46 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html Known issue: s390x-specific issue - zlib with DFLTCC...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
CVE-2026-8199 Post-auth memory exhaustion via bitwise match expressions
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...
2026-05 .NET 8.0.27 Security Update for x64 Client (KB5093447)
2026-05 .NET 8.0.27 Security Update for x64 Client KB5093447...
Microsoft .NET 输入验证错误漏洞
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and transparency in networking. There is an input validation vulnerability in Microsoft .NET. Attackers c...
MongoDB Ops Manager 命令注入漏洞
MongoDB Ops Manager is a solution developed by the American company MongoDB, designed for managing, monitoring, and backing up MongoDB deployments. MongoDB Ops Manager has a command injection vulnerability, which stems from executing arbitrary commands when configuring Webhooks. The following...
CLSA-2025-1751461369 mysql: Fix of 27 CVEs
Update to MySQL 8.0.42 - CVEs fixed: CVE-2025-21574 CVE-2025-21577 CVE-2025-21579 CVE-2025-21581 CVE-2025-21584 CVE-2025-21585 CVE-2025-30681 CVE-2025-30682 CVE-2025-30683 CVE-2025-30684 CVE-2025-30688 CVE-2025-30689 CVE-2025-30695 CVE-2025-30703 CVE-2025-30705 CVE-2025-30710 CVE-2025-30715...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017739)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017739 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017731)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017731 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017679)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017679 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017790 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...