199 matches found
EUVD-2026-41262
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...
OESA-2026-2733 mariadb security update
Security Fixes: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
CVE-2026-43873
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...
CVE-2026-43873 WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...
AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server
Summary plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. The unauthenticated error branch was intended to reject non-admin callers...
AlmaLinux 8 : mariadb:10.11 (ALSA-2026:6435)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6435 advisory. mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log CVE-2023-529...
RLSA-2026:6435 Moderate: mariadb:10.11 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log CVE-2023-52969 mariadb: MariaDB Server...
mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
Moderate: Red Hat Security Advisory: mariadb:10.11 security update
An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2026:6435 Moderate: mariadb:10.11 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log CVE-2023-52969 mariadb: MariaDB Server...
RHEL 8 : mariadb:10.11 (RHSA-2026:6435)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6435 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: High Privilege Deni...
Moderate: mariadb:10.11 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log CVE-2023-52969 mariadb: MariaDB Server...
Astra Linux – Vulnerability in MariaDB
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. The supported versions affected are 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. This vulnerability is difficult to exploit; it allows low-privilege attackers with network access via multiple protocols to...
MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...
MiracleLinux 8 : mariadb:10.5 (AXSA:2025-11081:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11081:01 advisory. mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log...
MiracleLinux 8 : mariadb:10.5 (AXSA:2025-9615:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9615:01 advisory. mysql: InnoDB unspecified vulnerability CPU Oct 2023 CVE-2023-22084 mysql: Client: mysqldump unspecified vulnerability CPU Apr 2024 CVE-2024-21096...
MiracleLinux 9 : galera-26.4.20-1.el9_5, mariadb-10.5.27-1.el9_5 (AXSA:2025-9651:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9651:01 advisory. mysql: InnoDB unspecified vulnerability CPU Oct 2023 CVE-2023-22084 mysql: Client: mysqldump unspecified vulnerability CPU Apr 2024 CVE-2024-21096...
MiracleLinux 8 : mysql:8.0 (AXSA:2025-9705:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9705:01 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...
RockyLinux 10 : mariadb10.11 (RLSA-2026:0136)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0136 advisory. mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log...
mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...