47 matches found

Vulnrichment
added yesterday | 3 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5 CVSS | 5.3 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

CVE
added yesterday | 17 views

CVE-2026-44173

CVE-2026-44173 affects MariaDB server: the FILE privilege was not checked for subqueries in the FROM clause, allowing potential leakage of file operations via SELECT ... INTO OUTFILE/DUMPFILE. Affected versions include MariaDB 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 1...

5 CVSS | 5.2 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

Cvelist
added yesterday | 8 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5 CVSS | 0.0004 EPSS
Exploits: 0 | References: 2

EUVD
added yesterday | 4 views

EUVD-2026-36518

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5 CVSS | 5.2 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

AlpineLinux
added yesterday | 5 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5 CVSS | 5.2 AI score | 0.0004 EPSS
Exploits: 0

OSV
added 2026/06/05 12:16 p.m. | 4 views

SUSE-SU-2026:2284-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170:...

10 CVSS | 7.2 AI score | 0.0007 EPSS
Exploits: 1 | References: 21

GithubExploit
added 2026/04/09 8:11 a.m. | 105 views

Exploit for Code Injection in Mariadb

CVE-2024-27766 MariaDB v11.1 RCE via UDF — modified PoC based...

5.7 CVSS | 6.6 AI score | 0.30153 EPSS
Exploits: 2

OSV
added 2025/12/09 5:19 p.m. | 4 views

GHSA-J8G6-5GQC-MQ36 Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

8.2 CVSS | 9.1 AI score | 0.00046 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/12/09 5:19 p.m. | 12 views

Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

8.2 CVSS | 9.2 AI score | 0.00046 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 16 views

EUVD-2025-17690

Malicious code in bioql PyPI...

7.8 CVSS | 6.6 AI score | 0.00099 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-23922

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00112 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-23921

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00112 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2025/06/16 11:28 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed the locking order in ivpujobsubmit. Fixed deadlocks in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock that protects submittedjo...

5.5 CVSS | 6.9 AI score | 0.00038 EPSS
Exploits: 0 | References: 3

AstraLinux
added 2025/06/16 11:28 a.m. | 0 views

Astra Linux - vulnerability in linux-6.12

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpumscleanup Fix deadlock in ivpumscleanup by preventing runtime resume after filepriv-mslock is acquired. During a failure in runtime resume, a cold boot is executed, which calls ivpumscleanupall. Th...

5.5 CVSS | 6 AI score | 0.0005 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 3:1 a.m. | 2 views

CVE-2023-1694

The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality...

7.5 CVSS | 7.2 AI score | 0.00112 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:1 a.m. | 2 views

CVE-2023-1693

The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality...

7.5 CVSS | 7.2 AI score | 0.00112 EPSS
Exploits: 0 | References: 1

OSV
added 2025/05/20 4:15 p.m. | 2 views

AZL-62821 CVE-2025-37907 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpujobsubmit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submittedjobs 1. After the...

5.5 CVSS | 6.8 AI score | 0.00038 EPSS
Exploits: 0 | References: 1

OSV
added 2025/05/09 7:16 a.m. | 0 views

DEBIAN-CVE-2025-37847

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpumscleanup Fix deadlock in ivpumscleanup by preventing runtime resume after filepriv-mslock is acquired. During a failure in runtime resume, a cold boot is executed, which calls ivpumscleanupall. Th...

5.5 CVSS | 5.4 AI score | 0.0005 EPSS
Exploits: 0 | References: 1

OSV
added 2025/05/09 7:16 a.m. | 1 views

UBUNTU-CVE-2025-37847

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpumscleanup Fix deadlock in ivpumscleanup by preventing runtime resume after filepriv-mslock is acquired. During a failure in runtime resume, a cold boot is executed, which calls ivpumscleanupall. Th...

5.5 CVSS | 6.1 AI score | 0.0005 EPSS
Exploits: 0 | References: 10

NVD
added 2024/07/29 3:15 p.m. | 11 views

CVE-2024-41799

tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...

9.9 CVSS | 0.07024 EPSS
Exploits: 0 | References: 3