mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift RCE PoC with Reverse Shell Remote...

Linux Distros Unpatched Vulnerability : CVE-2026-45490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Note that Nessus relies on the presence of the packag...

CVE-2026-47946

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability

...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-9881 vulnerabilities

Vulnerabilities for packages: chromium...

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...

CVE-2026-39821 vulnerabilities

Vulnerabilities for packages: kubelet-csr-approver-fips, backup-restore-operator-fips, grept, neuvector-sigstore-interface, policy-controller, velero-plugin-for-gcp, nifikop-fips, rke2-runtime-fips, istio-fips, cortex-fips, kube-oidc-proxy, helm, knative-net-istio-fips, sealed-secrets-fips,...

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. I...

CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

CVE-2026-36175

Technical details enabling exploitation are not publicly available in the provided documents. The GNCC GP5 U-Boot vulnerability description is repeated across sources; monitor for updated advisories or technical specifics.

PT-2026-45866

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...

Important: Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update

Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

PT-2026-45279

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock manager.php. This manipulation of the argument txt search category causes sql injection. The attack may be initiated remotely. The exploit has...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

CVE-2026-10063

TRENDnet TEW-432BRP firmware 3.10B20 contains a stack-based buffer overflow in the formWPS function (/goform/formWPS) caused by manipulation of the peerPin parameter. The vulnerability can be exploited remotely, and public exploit code is available. The vendor notes the product is EOL (since 2009...

Linux Distros Unpatched Vulnerability : CVE-2026-9967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVE-2026-34311

CVE-2026-34311 concerns Oracle Hospitality OPERA 5 Property Services (Opera component). Affected versions are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28. The vulnerability is exploitable over HTTP with network access and unauthenticated, leading to takeover of Oracle Hospitality OPERA 5 P...