Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-26)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests wi...

CVE-2026-21968

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

BIT-TYPO3-2021-32669

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for backend layouts are not properly encoded, the corresponding grid view is vulnerable to...

SUSE CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...

Grafana 跨站脚本漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A cross-site scripting vulnerability exists in Grafana versions 8.x prior to 8.5.16 and 9.x...

Grafana Privilege Escalation Vulnerability (GHSA-rhxj-gh46-jvw8)

Grafana is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

CVE-2021-27001

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period...

CVE-2020-27359

A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...

Avaya IP Office Information Disclosure Vulnerability

Avaya IP Office is a small business phone system from Avaya, Inc. in the United States. A security vulnerability exists in the Web interface component in Avaya IP Office versions 9.x, 10.0 through 10.1.0.7, and 11.0 through 11.0.4.2. A local attacker could exploit the vulnerability to gain...

VMware Tools Local Elevation of Privilege Vulnerability

VMware Tools is a set of enhancements that come with VMware's VMWare virtual machines. It is a set of drivers provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of the virtual machines with those of the host computer. A...

EMC NetWorker Arbitrary Command Execution Vulnerability

EMC NetWorker, previously known as Legato NetWorker, is a cross-platform backup and recovery system. EMC NetWorker versions 8.2.1.x, 8.2.2.x 8.2.2.6 and 9.x 9.0.0.6 have an authentication processing error that could allow a remote attacker to execute arbitrary commands by accessing a different...

CVE-2016-2008

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors...

Acroread: Multiple code execution flaws (APSB10-09)

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196...