OS & platform
A SQL injection vulnerability in Koha library software allows authenticated staff users with reports access to read arbitrary data from the application database, including password hashes and personal information.
A vulnerability in the Grafana Operator allows malicious users to steal the Kubernetes service account token of the operator and gain elevated privileges by creating specially crafted Dashboard resources.
A security vulnerability in MariaDB database software allows privileged users to execute commands on the server through certain system variables. This can lead to complete compromise of the database system.
affects: ≥10.6.1 <10.6.27; ≥10.11.1 <10.11.18; ≥11.4.1 <11.4.12; ≥11.8.1 <11.8.8; =12.3.1
A vulnerability in MariaDB database servers allows malicious nodes to execute arbitrary system commands on other servers when joining a database cluster.
affects: ≥10.6.1 <10.6.27; ≥10.11.1 <10.11.18; ≥11.4.1 <11.4.12; ≥11.8.1 <11.8.8; =12.3.1
MariaDB database server in certain versions failed to properly check file permissions, allowing users without appropriate rights to export data to files. This enables unauthorized access to sensitive database contents.
affects: ≥10.6.1 <10.6.26; ≥10.11.1 <10.11.17; ≥11.4.1 <11.4.11; ≥11.8.1 <11.8.7; =12.3.1
A vulnerability in MariaDB versions 3.3.18 and 3.4.8 allows SQL injection attacks despite using the mysql_real_escape_string() security function when using big5 character encoding.
affects: =3.3.18; =3.4.8
A vulnerability in MariaDB's mbstream backup tool allows attackers to create files outside the intended target directory through specially crafted archives, potentially leading to unauthorized file access.
affects: ≥10.6.1 <10.6.26; ≥10.11.1 <10.11.17; ≥11.4.1 <11.4.11; ≥11.8.1 <11.8.7; =12.3.1
A vulnerability in MariaDB on Windows systems allows users to execute system commands when the CONNECT engine with REST support is enabled, due to unsafe processing of HTTP attributes.
affects: ≥10.6.1 <10.6.26; ≥10.11.1 <10.11.17; ≥11.4.1 <11.4.11; ≥11.8.1 <11.8.7; =12.3.1
In certain MariaDB versions, users with execution rights for stored routines can view their source code even without the proper authorization to do so.
affects: ≥11.4.1 <11.4.11; ≥11.8.1 <11.8.7; =12.3.1
A security flaw in MariaDB database software allows malicious clients to execute arbitrary system commands on the server by sending unvalidated parameters during data synchronization processes.
affects: ≥10.6.1 <10.6.26; ≥10.11.1 <10.11.17; ≥11.4.1 <11.4.11; ≥11.8.1 <11.8.7; =12.3.1
OpenTofu, an infrastructure-as-code tool, can be forced into high CPU usage by malicious servers, causing denial of service. This affects HTTP response processing and TLS certificate handling through Go standard libraries.
A security vulnerability in the mailcow email software allows attackers to execute malicious code in administrator browsers by sending emails with specially crafted attachment names, potentially leading to admin account takeover.
A security vulnerability in mailcow (an email software) allows attackers to inject malicious code into admin logs that gets executed when administrators view those logs.
A vulnerability in the Netty framework allows attackers to cause denial-of-service attacks by sending malicious Redis messages with false array size declarations that trigger excessive memory allocation.
A vulnerability in the Netty framework causes memory leaks when Redis pipeline connections close prematurely. This can exhaust the entire memory pool through repeated connection interruptions, causing all network channels to fail.
| Item | Vendor | Version | As of |
|---|---|---|---|
| 1Panel | 1Panel-dev | v2.2.2 | 16.06.2026 |
| act | nektos | v0.2.89 | 01.06.2026 |
| AlmaLinux | AlmaLinux OS Foundation | — | — |
| Android | — | — | |
| astro | withastro | @astrojs/cloudflare@14.0.0-beta.3 | 19.06.2026 |
| awesome-cheatsheets | LeCoupa | — | — |