Lucene search
K

231 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.8 views

Oracle MySQL Server 8.4.x < 8.4.10 (June 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.4.0-8.4.9 and...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46860

Vulnerability in the MySQL Router product of Oracle MySQL component: Router: General. Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this...

9.8CVSS0.00508EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/15 7:54 a.m.16 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

4.3CVSS6.9AI score0.00243EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 8:3 p.m.31 views

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS0.00213EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 8:34 a.m.4 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS5.9AI score0.00357EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/23 6:25 a.m.5 views

CVE-2026-22002

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS7.2AI score0.00323EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/21 8:35 p.m.4 views

CVE-2026-35234

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Partition. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS7AI score0.00299EPSS
Exploits0
Snyk
Snyk
added 2026/04/09 6:31 p.m.8 views

Use of GET Request Method With Sensitive Query Strings

Overview org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the REST login endpoint when sensitive information such as username and password is transmitted as...

8.7CVSS5.8AI score0.00509EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.7 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.5 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:52 p.m.1 views

CVE-2026-33266

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

5.9AI score0.00234EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.11 views

PT-2026-31639

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions prior to 9.0.0 Description A registered user can query a web service with their credentials and retrieve metadata id, type, name, and other fields from the FileItemDTO object for files and sub-folders of any folder...

5.8AI score0.00418EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/30 1:40 a.m.5 views

Malicious code in earthengine-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367514ccbb2bca5ad75eda53d2890a583e465233d2b6915acffa09d299405277 The package earthengine-api was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSV
OSV
added 2026/02/26 8:53 a.m.6 views

BIT-VALKEY-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

7.5CVSS5.5AI score0.00353EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.8 views

CVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

9.3CVSS5.4AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.7 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16630)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...

6.5CVSS5.8AI score0.00316EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/01/20 9:56 p.m.4 views

CVE-2026-21949

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6.5CVSS6.6AI score0.00317EPSS
Exploits0
CVE
CVE
added 2026/01/13 10:51 p.m.12 views

CVE-2022-50805

Senayan Library Management System 9.0.0 (SLiMS) contains a SQL injection in the value of the class parameter. The root cause is unsafely constructed SQL queries that allow crafted payloads to manipulate database queries, potentially exfiltrating sensitive information. Exploitation is described as...

8.8CVSS7.5AI score0.00307EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.11 views

CVE-2021-22966

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group...

8.8CVSS7.2AI score0.00949EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/06 1:46 p.m.4 views

mysql: Optimizer unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS7AI score0.00257EPSS
Exploits0References5
Rows per page
Query Builder