27 matches found
CVE-2026-54816
Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017679)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017679 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017739)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017739 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
CVE-2026-30958
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...
CVE-2026-30958
OneUptime CVE-2026-30958 describes an unauthenticated path traversal vulnerability in the /workflow/docs/:componentName endpoint, where the componentName parameter is directly concatenated into the server file path used by res.sendFile(), enabling arbitrary file reads. Root cause: lack of sanitiz...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000456 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in...
UBUNTU-CVE-2025-64520
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
2025-10 .NET 8.0.21 Security Update for x86 Client (KB5068331)
2025-10 .NET 8.0.21 Security Update for x86 Client KB5068331...
UBUNTU-CVE-2025-6710
MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which coul...
WordPress plugin Distance Based Shipping Calculator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
SUSE CVE-2020-14870
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2021-41535
A vulnerability has been identified in NX 1953 Series All versions V1973.3700, NX 1980 Series All versions V1988, Solid Edge SE2021 All versions SE2021MP8. The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Oracle MySQL 安全漏洞
Oracle MySQL is an open source relational database management system.MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the InnoDB component of Oracle MySQL Server 8.0.21 and earlier versions. An...
mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
...