Security Vulnerabilities
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, libcurl could leak the password used for the first host to the
followed-to host under certain circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-05-13
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request
to that same host bypasses the TLS requirement and instead transmit data
unencrypted.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-05-13
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
CVSS Score
5.2
EPSS Score
0.0
Published
2026-05-13
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-13
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-05-13
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-13
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-13
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-05-13
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-05-13
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-13