GHSA-982W-2WQP-Q964 vulnerabilities

Vulnerabilities for packages: openjdk-11-openj9, openjdk-25-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-17-openj9, openjdk-8-openj9...

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-26)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests wi...

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27903 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27903 Source advisory: OSV:GHSA-7R86-CG39-JMMJ...

CVE-2025-13080 Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +14 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.18.7)

org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =1.7.es8184.0 and more Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...

EUVD-2018-6619

Malware in sbrugna...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-984841)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984841 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and...

EUVD-2021-6533

Malicious code in bioql PyPI...

EUVD-2021-6570

Malicious code in bioql PyPI...

mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

CVE-2016-3498 vulnerabilities

Vulnerabilities for packages: openjdk-11-openj9, openjdk-25-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-17-openj9, openjdk-8-openj9...

Oracle Financial Services Applications 安全漏洞

Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management.Financial Services Analytical Applications Infrastructure is one of the financial services analytical applications...

CVE-2021-1062

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

📄 Cisco Smart Software Manager On-Prem 8-202206 Account Takeover

Cisco Smart Software Manager On-Prem versions 8-202206 and below account takeover proof of concept exploit. Exploit Title: Cisco SSM On-Prem; Account Takeover CVE-2024-20419 Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...

PT-2025-7798 · Novachron Zeitsysteme Gmbh & Co. Kg · Smart Time Plus

Name of the Vulnerable Software and Affected Versions: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus versions 8.x through 8.6 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the addProject method in the "smarttimeplus/MySQLConnection" endpoint...

SUSE CVE-2023-3823

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

Drupal core 8.0.0-10.2.10,10.3.0-10.3.8,11.0.0-11.0.7 - Unauthenticated Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type vulnerability discovered by Drew Webber in WordPress Core Drupal versions 8.0.0-10.2.10,10.3.0-10.3.8,11.0.0-11.0.7...

OESA-2023-1972 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic...

UBUNTU-CVE-2023-22068

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Security Bulletin: A CVE-2023-21967 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21967...