mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

Moderate: Red Hat Security Advisory: mysql8.4 security update

An update for mysql8.4 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2026:20693 Moderate: mysql8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fixes: mysql:...

CVE-2018-25372

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

Unity Linux 20.1060e / 20.1070e Security Update: sphinx (UTSA-2026-016628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016628 advisory. SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL...

RockyLinux 10 : mysql8.4 (RLSA-2026:4162)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4162 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql:...

Unity Linux 20.1070e Security Update: mysql-connector-java (UTSA-2026-016694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016694 advisory. Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to...

CVE-2026-48241

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

CVE-2026-48242 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL credentials (host, username, password, database) in import_mdb.php, embedded in public repository source code. This exposure allows readers to obtain valid configuration values that may match deployed installations. The issue is documented ...

CVE-2026-48241 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

CVE-2026-48241

Open ISES Tickets before 3.44.2 stores MySQL credentials in loader.php as hardcoded values committed to the source tree. This allows any reader of the public source or an unauthenticated read on a deployed install to obtain username, password, and database name and potentially connect to the data...

CVE-2026-48236 Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

mysql8.4 security update

An update is available for mysql8.4. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user, multi-threaded SQL database server. MySQL is a...

RLSA-2026:4162 Moderate: mysql8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fixes: mysql:...

CVE-2026-44047

A flaw was found in Netatalk. This vulnerability, identified as a SQL injection in the MySQL CNID backend, could allow a remote attacker to execute arbitrary code or gain unauthorized access to sensitive information. Successful exploitation could lead to significant data compromise, data...

EUVD-2026-31226

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service...