mysql: mariadb: InnoDB unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Yokogawa CENTUM VP

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

GHSA-GVRJ-CJCH-728P Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster

Impact Any Juju controller since 3.2.0. An attacker with only route-ability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, open firewall ports etc. This is due to not checking the client...

Ella Core 输入验证错误漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Prior to version 1.8.0 of Ella Core, there was a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation in the PUT...

PT-2026-29892

Name of the Vulnerable Software and Affected Versions Hirschmann HiEOS devices versions prior to 01.1.00 Description Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTPS management module. Attackers can gain administrative access by sending specially...

Ubuntu: Security Advisory (USN-8139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-7XXH-373W-35VG Payload has an SQL Injection via Query Handling

Impact Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. Patches This issue has been fixed in v3.79.1 and later. Query input validation has been hardened. Upgrade to v3.79...

CVE-2026-34747

Payload CMS prior to version 3.79.1 contains an input validation flaw that allows crafting requests to influence SQL query execution in collection data. The vulnerability affects the free, open-source headless CMS (Payload CMS) and arises from improper validation of certain request inputs. This c...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the ExternalDataInfo function. An attacker can cause system unavailability, limited information disclosure, or dat...

USN-8138-1 rust-tar vulnerability

It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, a...

MAL-2026-2400 Malicious code in kube-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

CVE-2026-4947

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

VulnCheck KEV: CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

EUVD-2026-17382

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

EUVD-2026-17375

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

Exploit for Missing Authentication for Critical Function in Projectsend

ProjectSend CVE-2024-11680 Exploit This is a proof-of-concept...

CVE-2026-32976 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

CVE-2026-32921 OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

CVE-2026-32921

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...