Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

UBUNTU-CVE-2026-46862

Vulnerability in the MySQL Router product of Oracle MySQL component: Router: General. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Router. Successful attacks o...

Oracle MySQL Cluster 8.4.x < 8.4.10 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

Oracle MySQL Server 9.x < 9.7.1 (June 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.4.0-8.4.9 and...

Oracle MySQL Cluster 9.x < 9.7.1 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

Oracle MySQL Cluster 8.0.x < 8.0.47 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

GHSA-CF98-J28V-49V6 OpenFGA Improper Policy Enforcement

Description In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization decisions rely on case-sensitive use...

CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

CVE-2026-55740

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

CVE-2026-55740 SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

CVE-2026-55740

CVE-2026-55740 affects Nur-Alam39 bus-ticket. The vulnerability is an unauthenticated SQL injection in bus_info.php where the busid parameter from an HTTP POST is concatenated directly into the query: select * from bus_info where id=$busid. This occurs in a numeric context and is not sanitized, e...

UBUNTU-CVE-2026-46863

Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows...

PT-2026-50730

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

CVE-2026-46869

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Dump and Load. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell...

CVE-2026-46870

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the...

CVE-2026-46871

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...