CVE-2026-23631 affecting package valkey for versions less than 8.0.9-1

CVE-2026-23631 affecting package valkey for versions less than 8.0.9-1. A patched version of the package is available...

CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1

CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

CVE-2025-8289 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...

CVE-2025-49220

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method...

AZL-54327 CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-52414 CVE-2024-9681 affecting package mysql for versions less than 8.0.40-5

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

AZL-25805 CVE-2023-27535 affecting package mysql for versions less than 8.0.34-1

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

IBM DB2 < 8.2 Multiple Vulnerabilities (2) (deprecated)

Binary data 2349.prm...