Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017731 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

CVE-2026-33304

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

CVE-2026-32238

OpenEMR CVE-2026-32238: A command injection vulnerability in the backup functionality affects versions prior to 8.0.0.2 due to insufficient input validation. An authenticated attacker could exploit this weakness. The issue is fixed in version 8.0.0.2. Remediation: upgrade to 8.0.0.2 or apply the ...

PT-2026-26344

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

ALSA-2026:4455 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

Suricata < 7.0.13 / 8.x < 8.0.2 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is prior to 7.0.13 or 8.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities, including: - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata...

Linux Distros Unpatched Vulnerability : CVE-2025-64332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 an...

UBUNTU-CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...

Arctera InfoScale 代码问题漏洞

Arctera InfoScale is a high-availability shared cloud storage solution from Arctera, Inc. that is designed to keep applications running in the event of an attack or outage. A security vulnerability exists in Arctera InfoScale versions 7.0 through 8.0.2 that stems from insecure deserialization cou...

WordPress WPCargo Track & Trace plugin <= 8.0.2 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WPCargo Track & Trace versions = 8.0.2...

SUSE CVE-2022-21322

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

...

CVE-2021-35584

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: ndbcluster/plugin DDL. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster...