CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

Rocket.Chat 访问控制错误漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10. These vulnerabilities stem from spelling errors in the permission checks for the /api/apps/lo...

EUVD-2026-16324

path-to-regexp vulnerable to Denial of Service via sequential optional groups...

DEBIAN-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

UBUNTU-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

CVE-2026-32423

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...

CVE-2026-23840

creationtimestamp| type| source ---|---|--- 2026-01-19 19:42:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcsfllxkv62w 2026-01-19 19:42:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcsfmapvdc2n 2026-01-19 22:03:07+00:00| seen|...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2024-12417

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

METTLER TOLEDO FreeWeight.Net 安全漏洞

METTLER TOLEDO FreeWeight.Net is a weighing management software from METTLER TOLEDO USA. A security vulnerability exists in METTLER TOLEDO FreeWeight.Net version 8.4.0, which originates from reflective cross-site scripting and could lead to the injection of malicious script...

WordPress Simple Link Directory plugin <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Simple Link Directory versions = 8.4.0...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

OESA-2024-1933 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

AZL-50507 CVE-2024-21142 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

CVE-2024-37547

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0...

Atlassian Confluence Security Vulnerability

Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of a remot...