4.9
CVE-2026-35240 - mysql: Optimizer unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Mβ¦
4.9
CVE-2026-35238 - mysql: InnoDB unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serverβ¦
6.5
CVE-2026-34308 - mysql: JSON unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Sβ¦
6.5
CVE-2026-34270 - mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols tβ¦
8.8
CVE-2026-31018 - Authenticated Users Can Inject PHP Code in Dolibarr Website Module
In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page crβ¦
6.5
CVE-2026-22017 - mysql: Optimizer unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Myβ¦
2.7
CVE-2026-22001 - mysql: Information Schema unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comβ¦
8.8
CVE-2026-31019 - Website Module Bypass Enables Remote Code Execution in Dolibarr ERP & CRM
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code exβ¦
8.4
CVE-2026-40706 - NTFS-3G SUID-root Heap Buffer Overflow Enables Privilege Escalation
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when pβ¦
6.5
CVE-2026-34303 - mysql: Optimizer unspecified vulnerability (CPU Apr 2026)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Myβ¦