Astra Linux - уязвимость в mariadb-10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

CVE-2026-39603

Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through = 5.7.8...

CVE-2026-33171 Statamic has a path traversal in file dictionary fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

Statamic affected by privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...

CVE-2025-69099

Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through = 5.7.5...

EUVD-2025-199903

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

EUVD-2025-199906

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset...

OrangeHRM 授权问题漏洞

OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. An authorization issue vulnerability exists in OrangeHRM versions 5.0 through 5....

WordPress Eduma theme <= 5.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Eduma versions = 5.7.6...

AZL-67808 CVE-2025-59362 affecting package squid 5.7-5

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

PT-2024-27376 · WordPress · Wp Scraper

Name of the Vulnerable Software and Affected Versions: WP Scraper versions 5.7 and earlier Description: A Server-Side Request Forgery SSRF issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources...

CDeX 安全漏洞

CDeX is a free software package from CDeX Inc. for extracting digital audio from audio CDs and converting audio formats for Microsoft Windows. A security vulnerability exists in CDeX 5.7.1 and earlier versions that stems from the presence of a weak password recovery mechanism that allows retrieva...

mysql: Client programs unspecified vulnerability (CPU Jul 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

SUSE CVE-2020-14547

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

SUSE CVE-2021-2171

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

SUSE CVE-2021-35624

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

SUSE CVE-2017-3257

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

SUSE CVE-2017-10320

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

SUSE CVE-2018-2818

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Security : Privileges. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...