3385 matches found

Rockylinux
added 2026/06/11 12:3 p.m. | 9 views

mysql security update

An update is available for mysql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. MySQL is a multi-user, multi-threaded SQL database server. It consists of the...

CVSS 6.5 | AI score 7.6 | EPSS 0.00323
Exploits 0
Patchstack
added 2026/06/11 9:0 a.m. | 8 views

WordPress Schema & Structured Data for WP & AMP plugin < 1.60 - Unauthenticated Arbitrary Media Upload vulnerability

Unauthenticated Arbitrary Media Upload vulnerability discovered by 0xBassia in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.60...

CVSS 9.1 | AI score 5.4 | EPSS 0.00256
Exploits 1 | References 1 | Affected Software 1
Tenable Nessus
added 2026/06/11 12:0 a.m. | 4 views

RockyLinux 9 : mysql:8.4 (RLSA-2026:25052)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25052 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...

CVSS 6.5 | AI score 7.8 | EPSS 0.00323
Exploits 0 | References 39
Tenable Nessus
added 2026/06/11 12:0 a.m. | 7 views

RockyLinux 9 : mysql (RLSA-2026:23332)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23332 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...

CVSS 6.5 | AI score 5.5 | EPSS 0.00323
Exploits 0 | References 45
GithubExploit
added 2026/06/10 6:30 p.m. | 64 views

Exploit for CVE-2026-9067

POC & Xploit - Proof of Concept Directory Dokumentasi dan exp...

CVSS 9.1 | AI score 5.8 | EPSS 0.00256
Exploits 1
Cvelist
added 2026/06/10 2:7 p.m. | 32 views

CVE-2026-11884 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVSS 6.5 | EPSS 0.00361
Exploits 0 | References 4
Vulnrichment
added 2026/06/10 2:7 p.m. | 5 views

CVE-2026-11884 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVSS 6.5 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 4
RedhatCVE
added 2026/06/10 2:7 p.m. | 6 views

CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVSS 6.5 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 6
RedHat Linux
added 2026/06/10 11:41 a.m. | 5 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with...

CVSS 2.7 | AI score 7 | EPSS 0.00259
Exploits 0 | References 6
RedHat Linux
added 2026/06/10 11:41 a.m. | 7 views

Moderate: Red Hat Security Advisory: mysql:8.4 security update

An update for the mysql:8.4 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 7.6 | EPSS 0.00323
Exploits 0 | References 21
RedHat Linux
added 2026/06/10 11:41 a.m. | 6 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

CVSS 4.3 | AI score 7.1 | EPSS 0.00243
Exploits 0 | References 6
Circl
added 2026/06/10 9:0 a.m. | 7 views

CVE-2026-44291

creationtimestamp| type| source ---|---|--- 2026-06-10 09:00:04+00:00| published-proof-of-concept| Telegram/ZHpMnVOz2cJfIOonPjLT3mqz43XsQAtrT-ty2tkYMtXDqE...

CVSS 8.1 | AI score 6 | EPSS 0.00357
Exploits 0
Cvelist
added 2026/06/10 6:0 a.m. | 40 views

CVE-2026-9067 Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

EPSS 0.00256
Exploits 1 | References 1
CNNVD
added 2026/06/10 12:0 a.m. | 11 views

WordPress plugin Schema and Structured Data for WP and AMP code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 9.1 | AI score 5.5 | EPSS 0.00256
Exploits 1 | References 2
Snyk
added 2026/06/09 10:23 a.m. | 4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

CVSS 7.1 | AI score 5.3 | EPSS 0.00325
Exploits 0 | References 2
SUSE Linux
added 2026/06/08 3:27 p.m. | 5 views

Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

CVSS 8.8 | AI score 5.9 | EPSS 0.00471
Exploits 0 | References 46
RedhatCVE
added 2026/06/06 6:43 p.m. | 10 views

CVE-2026-9617

A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...

CVSS 8.8 | AI score 5.3 | EPSS 0.00237
Exploits 1 | References 2
Tenable Nessus
added 2026/06/06 12:0 a.m. | 8 views

RHEL 9 : mysql (RHSA-2026:23332)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23332 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 49
Snyk
added 2026/06/05 9:15 p.m. | 5 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

CVSS 8.6 | AI score 5.4 | EPSS 0.00305
Exploits 0 | References 2
RedhatCVE
added 2026/06/05 7:37 p.m. | 7 views

CVE-2026-3604

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.9 | AI score 5.7 | EPSS 0.00229
Exploits 0 | References 1