mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

RHEL 9 : mysql:8.4 (RHSA-2026:25052)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25052 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CVE-2026-11529

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

OPENSUSE-SU-2026:20928-1 Security update for syft

This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...

SQL Injection

Overview mysql-mcp-server is an A Model Context Protocol MCP server that enables secure interaction with MySQL databases. This server allows AI assistants to list tables, read data, and execute SQL queries through a controlled interface, making database exploration and analysis safer and more...

CVE-2026-11529

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

CVE-2026-11529 designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

EUVD-2026-35108

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

CVE-2026-11529 designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

CVE-2026-11529

The CVE-2026-11529 affects the mysql_mcp_server component of the designcomputer project, specifically the read_resource function in src/mysql_mcp_server/server.py. The issue is a SQL injection caused by improper handling of the uri_str argument, leading to remote exploitation. Public exploit info...

jflyfox jfinal_cms 注入漏洞

jflyfox jfinalcms is a powerful information consulting website developed by jflyfox as open source. It uses the concise and robust JFinal as the web framework, Beetl as the template engine, MySQL as the database, and the Bootstrap framework for the front end. Versions of jflyfox jfinalcms 5.1.0 a...

PT-2026-47311

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of t...

MySQL MCP Server 注入漏洞

The MySQL MCP Server is a security connection tool developed by Dana K. Williams. It allows interaction between AI and MySQL databases. Versions of the MySQL MCP Server prior to 0.2.2 have a vulnerability due to improper handling of the parameter uristr in the readresource function of the...

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1811 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

Medium: mariadb1011

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

RHEL 9 : mysql (RHSA-2026:23332)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23332 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...