mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

BIT-JRE-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the madvise IOCTL in the drm xe driver not verifying the patindex boundary. This could lead to...

PT-2026-38246

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A time-of-check/time-of-use TOCTOU race condition exists in the OpenShell filesystem bridge. This issue allows attackers to use symlink swaps during filesystem operations to bypass sandbox...

PT-2026-34796

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

Ghost SQL注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

CVE-2026-21971

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...

Oracle Utilities Applications security vulnerabilities

Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...

Oracle PeopleSoft security vulnerabilities

Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HCM Human Resources is one of...

EUVD-2026-2803

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

EUVD-2025-1934

Malicious code in bioql PyPI...

CVE-2025-54249

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls...

Claude Code 操作系统命令注入漏洞

Claude Code is an open source proxy coding tool from Anthropic. An operating system command injection vulnerability exists in versions of Claude Code prior to 1.0.4, which stems from an overly broad list of allowed security commands that could lead to unacknowledged file reads and network transfe...

GHSA-WJRX-6529-HCJ3 HashiCorp go-getter Vulnerable to Symlink Attacks

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

Linux Distros Unpatched Vulnerability : CVE-2025-50081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and...

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2025-24091)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

Oracle MySQL Access Control Error Vulnerability

Oracle MySQL is an open source relational database management system.MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An access control error vulnerability in Oracle MySQL's MySQL Client versions 8.0.0 through...