Security Vulnerabilities
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request
to that same host bypasses the TLS requirement and instead transmit data
unencrypted.
CVSS Score
5.9
EPSS Score
0.003
Published
2026-05-13
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
CVSS Score
5.2
EPSS Score
0.001
Published
2026-05-13
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-05-13
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS Score
6.8
EPSS Score
0.001
Published
2026-05-13
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-05-13
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
CVSS Score
5.1
EPSS Score
0.002
Published
2026-05-13
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-05-13
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
CVSS Score
6.8
EPSS Score
0.001
Published
2026-05-13
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-05-13
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time.
This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-05-13