378 matches found
EUVD-2026-18364
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
Percona PMM prior to 3.7 is affected. An internal database user with superuser privileges can leverage the pmm-admin authenticated Add data source flow to break out of the database context and run shell commands on the underlying OS. This is evidenced in multiple sources (e.g., Percona release no...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
PT-2026-29794
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
Percona PMM 安全漏洞
Percona PMM is a database monitoring and performance analysis platform developed by Percona, Inc. Versions of Percona PMM prior to version 3.7 contained security vulnerabilities. These vulnerabilities stemmed from internal database users retaining superuser privileges, which could allow attackers...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CLEANSTART-2026-AC65885 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25518, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 1.18.0-r0, 1.18.0-r1, 1.18.0-r2, 1.18.0-r3
Multiple security vulnerabilities affect the percona-xtradb-cluster-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: spire-server-fips, ratify, apko, cerbos, tailscale, temporal-server, beats, step-kms-plugin-fips, sqlexporter, terragrunt, gitea-fips, mariadb-operator, sops, sqlexporter-fips, elastic-agent-fips, fulcio-fips, jitsucom-bulker, argo-workflows-fips, rekor, cg,...
CLEANSTART-2026-JN44153 Security fixes for GHSA-F6X5-JH6R-WRFV, GHSA-GX3X-VQ4P-MHHV, GHSA-J5W8-Q4QC-RX2X applied in versions: 1.18.0-r0, 1.19.0-r1
Multiple security vulnerabilities affect the percona-xtradb-cluster-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, percona-server-mongodb-operator, step-issuer, percona-xtradb-cluster-operator, aws-privateca-issuer, cert-manager-istio-csr, opentelemetry-operator-fips, percona-xtradb-cluster-operator-fips, mariadb-operator, aws-privateca-issuer-fips,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: mariadb-operator, cert-manager-csi-driver, opentelemetry-operator, step-issuer, cert-manager-webhook-pdns, aws-privateca-issuer, cert-manager-cmctl, cert-manager-istio-csr, percona-server-mongodb-operator...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: mariadb-operator, cert-manager-csi-driver, opentelemetry-operator, step-issuer, cert-manager-webhook-pdns, aws-privateca-issuer, cert-manager-cmctl, cert-manager-istio-csr, percona-server-mongodb-operator...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, percona-server-mongodb-operator, step-issuer, percona-xtradb-cluster-operator, aws-privateca-issuer, cert-manager-istio-csr, opentelemetry-operator-fips, percona-xtradb-cluster-operator-fips, mariadb-operator, aws-privateca-issuer-fips,...
CVE-2020-7920
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
CVE-2021-27928 vulnerabilities
Vulnerabilities for packages: percona-server...
GHSA-Q88M-4HG8-4H3H vulnerabilities
Vulnerabilities for packages: percona-server...