Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-26)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests wi...

com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +14 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.18.7)

org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =1.7.es8184.0 and more Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...

EUVD-2021-6533

Malicious code in bioql PyPI...

EUVD-2021-6570

Malicious code in bioql PyPI...

mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

CVE-2021-1062

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

PT-2025-7798 · Novachron Zeitsysteme Gmbh & Co. Kg · Smart Time Plus

Name of the Vulnerable Software and Affected Versions: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus versions 8.x through 8.6 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the addProject method in the "smarttimeplus/MySQLConnection" endpoint...

Grafana 跨站脚本漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A cross-site scripting vulnerability exists in Grafana versions 8.x prior to 8.5.16 and 9.x...

Drupal Multiple Vulnerabilities (SA-CORE-2022-016) - Linux

Drupal is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

CVE-2021-1101

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x prior to 12.3, version 11.x prior to 11.5 and version 8.x prior 8.8...

PT-2021-7654

Name of the Vulnerable Software and Affected Versions SonicWall Secure Remote Access SRA appliances versions 8.x through 9.0.0.9-26sv Description The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...

PT-2021-13458 · Nvidia · Nvidia Vgpu Manager

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU manager versions 8.x through 8.5 NVIDIA vGPU manager versions 11.0 through 11.2 Description: The NVIDIA vGPU manager contains a vulnerability in the vGPU plugin where an input data length is not validated. This may lead to tamperi...

CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

Buffer overflow

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

CVE-2017-15897

CVE-2017-15897 affects Node.js versions 8.x and 9.x. The root cause is a buffer initialization bug where buffers were not initialized when the encoding for the fill value did not match the encoding specified, potentially allowing information disclosure. Public descriptions in connected docs corro...

CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

PT-2017-3133 · Intel · Intel Manageability Engine Firmware

Name of the Vulnerable Software and Affected Versions: Intel Manageability Engine Firmware versions 8.x through 11.20 Description: The issue is caused by a buffer overflow in the Active Management Technology AMT subsystem, allowing an attacker with remote Admin access to execute arbitrary code wi...

CVE-2016-2008

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors...