mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with netwo...

Exploit for CVE-2025-2783

Chromium CVE-2025-2783: Sandbox Escape & Full-Chain RCE Exploi...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

PT-2026-29821

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description A second-order SQL injection issue exists in the get all user threads function. The function constructs raw SQL queries using f-strings with unescaped thread IDs obtained from the database...

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read...

ALSA-2026:6391 Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026...

Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026...

MiracleLinux 9 : mysql:8.4 (AXSA:2026-378:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-378:01 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql:...

Exploit for CVE-2014-8361

Vuln Scanner - Advanced Network Security Scanner !Licenseht...

Discourse 访问控制错误漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that can be exploited by an attacker to retrieve the content of posts, threa...

curl: Use-After-Free race condition in url_move_hostname() via shared connection pool

Summary: In lib/url.c, urlconnreuseadjust calls urlmovehostname which frees conn-host.rawalloc and conn-host.encalloc via Curlsafefree and Curlfreeidnconvertedhostname after Curlcpoolfind has already released the connection pool lock. A second thread doing a concurrent pool lookup still holds tha...

Exploit for Improper Access Control in Apache Hugegraph

CVE-2024-27348: Apache HugeGraph RCE Advanced Sandbox Bypass...

SUSE CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

CVE-2026-23400

A flaw was found in the Linux kernel's rustbinder component. A local user could potentially trigger a deadlock condition. This occurs when the setnotificationdone function is called while the proc lock is already held and the current thread is not a 'looper' a thread designed to handle specific...

CVE-2026-26073 EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVE-2026-32895

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

CVE-2026-25083

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages...

AlmaLinux 8 : mysql:8.0 (ALSA-2026:5580)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5580 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql: InnoD...

mysql:8.4 security update

An update is available for mecab-ipadic, rapidjson, module.rapidjson, module.mecab-ipadic, module.mecab, mecab. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...