
19 matches found

OSV
added 2026/05/18 1:14 p.m. · 6 views

CLEANSTART-2026-PV53006 Security fixes for CVE-2025-67030, CVE-2026-33811, CVE-2026-33814, CVE-2026-34479, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6fmv-xxpf-w3cw, ghsa-72hv-8253-57qq applied in versions: 8.2.0-r0, 8.2.0-r1, 8.2.0-r2

Multiple security vulnerabilities affect the confluent-kafka package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8 CVSS · 5.8 AI score · 0.00427 EPSS
Exploits 1 · References 29

OSV
added 2026/04/14 8:1 p.m. · 3 views

GHSA-6QVV-PJ99-48QM @adonisjs/http-server has an Open Redirect vulnerability

Impact: The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header, for example by linking a...

6.1 CVSS · 5.7 AI score · 0.00011 EPSS
Exploits 0 · References 6

CNNVD
added 2026/01/30 12:0 a.m. · 16 views

Orval code injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.19.0 to 7.21.0, as well as versions before 8.2.0, have a code injection vulnerability. This vulnerability stems from incomplete escape handling in the jsStringEscape function, which may lead to code...

9.8 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/10/21 6:33 p.m. · 4 views

CVE-2025-11979

An authorized user may crash the MongoDB server by causing a buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...

6.5 CVSS · 7 AI score · 0.00071 EPSS
Exploits 0 · References 1

CNNVD
added 2025/10/20 12:0 a.m. · 1 views

MongoDB Server Security Vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server versions 7.0 up to and including 7.0.25, 8.0 up...

6.5 CVSS · 6.5 AI score · 0.00071 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 9:23 a.m. · 2 views

CVE-2024-3334

A security bypass vulnerability exists in the Removable Media Encryption (RME) component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device, thereby compromising the confidentiality of the stored data...

4.3 CVSS · 6.6 AI score · 0.00042 EPSS
Exploits 0 · References 1

OSV
added 2024/11/14 12:15 p.m. · 3 views

AZL-60907 CVE-2024-7730 affecting package qemu for versions less than 8.2.0-16

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element...

7.8 CVSS · 7.3 AI score · 0.00038 EPSS
Exploits 0 · References 1

Microsoft CVE
added 2024/07/10 7:0 a.m. · 1 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

...

5.5 CVSS · 6.6 AI score · 0.00062 EPSS
Exploits 0

Positive Technologies
added 2024/06/25 12:0 a.m. · 4 views

PT-2024-27766 · Pingcap · Tidb

Name of the Vulnerable Software and Affected Versions: PingCAP TiDB versions prior to 8.2.0 Description: A nil pointer dereference in PingCAP TiDB allows attackers to crash the application via expression.inferCollation. Recommendations: For versions prior to 8.2.0, update to version 8.2.0 or late...

8.1 CVSS · 5.8 AI score · 0.39569 EPSS
Exploits 3 · References 33

OSV
added 2024/01/16 10:15 p.m. · 0 views

UBUNTU-CVE-2024-20975

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

6.5 CVSS · 7.1 AI score · 0.00307 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/16 12:0 a.m. · 1 views

Atlassian Confluence Security Vulnerability

Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build an enterprise wiki. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of a remot...

8.8 CVSS · 8 AI score · 0.07176 EPSS
Exploits 0 · References 3

CNVD
added 2020/07/15 12:0 a.m. · 1 views

Unspecified Vulnerability in Oracle Enterprise Session Border Controller

Oracle Enterprise Session Border Controller (E-SBC) connects disparate Internet Protocol (IP) communications networks while mitigating security threats, resolving interoperability issues, and ensuring reliable communications. A security vulnerability exists in the File Upload component in Oracle...

7.5 CVSS · 8.9 AI score · 0.00226 EPSS
Exploits 0 · References 1

CNVD
added 2020/03/09 12:0 a.m. · 1 views

Dell EMC Isilon OneFS Access Control Error Vulnerability

Dell EMC Isilon OneFS is a horizontally scalable storage system for unstructured data from Dell USA. An access control error vulnerability exists in Dell EMC Isilon OneFS versions prior to 8.2.0. The vulnerability arises from the network system or product not properly restricting access to...

10 CVSS · 6.8 AI score · 0.00391 EPSS
Exploits 0 · References 1

OSV
added 2019/08/01 2:15 p.m. · 2 views

DEBIAN-CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debuggi...

7.2 CVSS · 6.9 AI score · 0.93056 EPSS
Exploits 3 · References 1

CNVD
added 2018/07/24 12:0 a.m. · 2 views

Pydio Cross-Site Scripting Vulnerability

Pydio (formerly known as AjaXplorer) is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. In Pydio 8.2.0 and earlier versions, line 48 of file /core/vendor/meenie/javascript-packer/example-inline.php and...

6.1 CVSS · 6.1 AI score · 0.00187 EPSS
Exploits 1 · References 1

CNVD
added 2018/02/26 12:0 a.m. · 2 views

Brocade Fibre Channel SAN Product Brocade Fabric OS Cross-Site Scripting Vulnerability

Brocade Fibre Channel SAN products are all switch products of the American company Brocade, and Brocade Fabric OS (FOS) is a set of embedded systems running on them. A cross-site scripting vulnerability exists in the Web-based management interface of Brocade FOS versions prior to 7.4.2b,...

6.1 CVSS · 6.9 AI score · 0.00384 EPSS
Exploits 0 · References 1

OSV
added 2018/02/08 10:29 p.m. · 1 views

CVE-2017-6227

A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a...

6.5 CVSS · 5.8 AI score · 0.00084 EPSS
Exploits 0 · References 1

CNVD
added 2017/08/31 12:0 a.m. · 1 views

Unspecified Vulnerability in CrushFTP

CrushFTP is a cross-platform Java FTP server from the U.S. company CrushFTP. A security vulnerability exists in CrushFTP versions prior to 7.8.0 and 8.x versions prior to 8.2.0. No detailed vulnerability details are provided at this time...

6.1 CVSS · 6.2 AI score · 0.0014 EPSS
Exploits 0 · References 1

OSV
added 2017/08/30 9:29 p.m. · 2 views

CVE-2017-14037

CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability...

6.1 CVSS · 5.8 AI score · 0.00195 EPSS
Exploits 0 · References 2