9 matches found
CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
GHSA-PQ7P-MC74-G65W PocketBase vulnerable to account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...
AZL-74778 CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...
Fedora 42 : dotnet9.0 (2025-e9c0b9e1b4)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e9c0b9e1b4 advisory. This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10. Release Notes: - SDK:...
AZL-50538 CVE-2024-21166 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
DEBIAN-CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
Mozilla: Type confusion for special arguments in IonMonkey
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...
Mozilla: Potential leak of redirect targets when loading scripts in a worker
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...
vim: command execution via scripts not sanitizing inputs to execute and system
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using 1 filetype.vim, 3 xpm.vim, 4 gzipvim, and 5 netrw. NOTE: the...