CVE-2026-34317

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

CVE-2026-34318

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

UBUNTU-CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

UBUNTU-CVE-2026-34318

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

CVE-2026-34318

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2026-34318

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2026-34317

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

CVE-2026-34317

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

EUVD-2026-24129

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

EUVD-2026-24086

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

CVE-2026-0972

CVE-2026-0972 concerns Fortra’s GoAnywhere MFT up to version 7.10.0. Connected sources document two concrete issues: 1) HTML injection in system-generated emails, and 2) the SFTP login limit is not enforced prior to 7.10.0 when a user logs in with an SSH key, potentially enabling brute-force key ...

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2026-40520

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

CVE-2026-40520

CVE-2026-40520 concerns the FreePBX API module (version 17.0.8 and earlier). The root cause is that the function initiateGqlAPIProcess() forwards GraphQL mutation input fields directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can issue a Gr...