12640 matches found

OSV
added 2026/06/12 6:16 p.m., 5 views

ALPINE-CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 7.2, AI score 5.8, EPSS 0.00694
Exploits 0, References 1

NVD
added 2026/06/12 6:16 p.m., 12 views

CVE-2026-48165

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used `wsrep_sst_receive_address` or `wsrep_sst_donor` global system...

CVSS 9.1, EPSS 0.00666
Exploits 0, References 7

NVD
added 2026/06/12 6:16 p.m., 12 views

CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 9.1, EPSS 0.00694
Exploits 0, References 7

NVD
added 2026/06/12 6:16 p.m., 10 views

CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8, EPSS 0.00469
Exploits 0, References 7

Vulnrichment
added 2026/06/12 5:35 p.m., 10 views

CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used `wsrep_sst_receive_address` or `wsrep_sst_donor` global system...

CVSS 8, AI score 5.5, EPSS 0.00666
Exploits 0, References 2

EUVD
added 2026/06/12 5:34 p.m., 10 views

EUVD-2026-36519

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8, AI score 5.8, EPSS 0.00694
Exploits 0, References 2

CVE
added 2026/06/12 5:34 p.m., 149 views

CVE-2026-48163

CVE-2026-48163 affects MariaDB (wsrep SST): during donor–donor synchronization, the donor interpolates parameters from the joiner in the SST rsync command line, and not all parameters are validated. This could allow a malicious joiner to execute arbitrary shell commands on the donor side. Patched...

CVSS 9.1, AI score 5.8, EPSS 0.00694
Exploits 0, References 7, Affected Software 1

Vulnrichment
added 2026/06/12 5:34 p.m., 9 views

CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8, AI score 5.9, EPSS 0.00694
Exploits 0, References 2

Cvelist
added 2026/06/12 5:34 p.m., 37 views

CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8, EPSS 0.00694
Exploits 0, References 2

AlpineLinux
added 2026/06/12 5:34 p.m., 20 views

CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 9.1, AI score 5.8, EPSS 0.00694
Exploits 0, References 7

Vulnrichment
added 2026/06/12 5:31 p.m., 11 views

CVE-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8, AI score 5.8, EPSS 0.00469
Exploits 0, References 2

CVE
added 2026/06/12 5:31 p.m., 41 views

CVE-2026-44168

Summary: CVE-2026-44168 affects MariaDB server during SST (wsrep) when the donor side interpolates joined parameters on the command line. Several affected branches exist: 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 12.3.1. The root cause is incomplete validation of parame...

CVSS 8, AI score 5.8, EPSS 0.00469
Exploits 0, References 7, Affected Software 1

NVD
added 2026/06/12 4:16 p.m., 12 views

CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

CVSS 7.5, EPSS 0.00366
Exploits 0, References 5

CVE
added 2026/06/12 2:29 p.m., 40 views

CVE-2026-40677

The vulnerability CVE-2026-40677 affects AMD optional tools that use insecure HTTP transport, enabling a potential attacker to perform a man-in-the-middle attack and potentially achieve arbitrary code execution. The issue stems from unencrypted transport within these tools, which could allow inte...

CVSS 7.7, AI score 5.7, EPSS 0.00435
Exploits 0, References 1

EUVD
added 2026/06/12 2:29 p.m., 9 views

EUVD-2026-36488

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7, AI score 5.7, EPSS 0.00435
Exploits 0, References 1

Vulnrichment
added 2026/06/12 2:29 p.m., 12 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7, AI score 5.7, EPSS 0.00435
Exploits 0, References 1

Cvelist
added 2026/06/12 2:23 p.m., 26 views

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts...

CVSS 5.3, EPSS 0.00292
Exploits 0, References 3

OSV
added 2026/06/12 12:27 p.m., 6 views

OESA-2026-2670 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO, a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

CVSS 4.3, AI score 8.8, EPSS 0.0036
Exploits 2, References 2

OSV
added 2026/06/12 12:27 p.m., 7 views

OESA-2026-2669 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO, a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

CVSS 4.3, AI score 8.8, EPSS 0.0036
Exploits 2, References 3

SUSE CVE
added 2026/06/12 2:25 a.m., 9 views

SUSE CVE-2026-48855

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh ssh_sftpd module allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

CVSS 2.3, AI score 5.3, EPSS 0.00277
Exploits 0, References 3