38317 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013687)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013687 advisory. In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in ndlabeldatainit If a faulty CXL memory device returns a...
CVE-2026-1354
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
CVE-2026-1354
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
CVE-2026-1354
Zero Motorcycles firmware versions 44 and earlier are affected by a Bluetooth pairing flow that can be forced by an attacker. Once paired, the attacker can use the OTA firmware updating functionality to potentially upload malicious firmware to the motorcycle. The attack requires proximity to the ...
CVE-2026-1354 Zero Motorcycles Firmware Key Exchange without Entity Authentication
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
CVE-2026-1354 Zero Motorcycles Firmware Key Exchange without Entity Authentication
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
EUVD-2026-24439
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
EUVD-2026-24339
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
EUVD-2026-24346
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
EUVD-2026-24295
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
CVE-2026-35235
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
@chocolatey-software/astro (>=2.7.0 <=2.8.0), @kyro-cms/admin (=0.1.2) +9 more potentially affected by CVE-2026-41067 via astro (>=6.0.0-beta.1 <=6.1.5)
astro NPM version =6.0.0-beta.1, =2.7.0, =0.19.0, =0.19.0, =1.10.0, =1.0.0, =1.4.2, =0.0.1, =0.0.1, =0.0.7 Source cves: CVE-2026-41067 Source advisory: SNYK:JS-ASTRO-16119128...
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
CVE-2026-35235
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2026-35236
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2026-34303
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2026-34293
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...
CVE-2026-34267
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...
CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...
CVE-2026-41285
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...