
21 matches found

RedhatCVE
added 2026/04/03 11:2 p.m., 1 view

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

CVSS: 9.9, AI score: 6, EPSS: 0.00058
Exploits: 0, References: 1
EUVD
added 2026/04/02 6:31 p.m., 1 view

EUVD-2026-18364

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

CVSS: 9.9, AI score: 6, EPSS: 0.00058
Exploits: 0, References: 3
ATTACKERKB
added 2026/04/02 12:0 a.m., 2 views

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

CVSS: 9.9, AI score: 6, EPSS: 0.00058
Exploits: 0, References: 3
Cvelist
added 2026/04/02 12:0 a.m., 12 views

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

EPSS: 0.00058
Exploits: 0, References: 2
CVE
added 2026/04/02 12:0 a.m., 3 views

CVE-2026-25212

CVE-2026-25212 affects Percona PMM prior to 3.7. An internal database user with superuser privileges can abuse the Add data source feature to break out of the database context and execute shell commands on the underlying OS, as described in Percona PMM release notes for 3.7.0. Exploitation detail...

CVSS: 9.9, AI score: 6, EPSS: 0.00058
Exploits: 0, References: 2, Affected Software: 1
vulnersOsv
added 2025/12/26 6:55 p.m., 8 views

lunarbase-pmm-math (>=0.1.0 <=0.1.1), ruint-macro (=0.1.1) +5 more potentially affected by unknown CVE via ruint (>=0.1.0 <=1.16.0)

ruint CARGO version =0.1.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.3.0, =0.1.0, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-9FJQ-45QV-PCM7...

AI score: 5.8
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-7707

Malicious code in bioql PyPI...

CVSS: 10, AI score: 6.6, EPSS: 0.00173
Exploits: 0, References: 1
RedhatCVE
added 2025/03/13 3:46 a.m., 23 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

CVSS: 10, AI score: 6.6, EPSS: 0.00173
Exploits: 0, References: 1
NVD
added 2025/03/11 6:15 p.m., 12 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

CVSS: 10, EPSS: 0.00173
Exploits: 0, References: 1
Vulnrichment
added 2025/03/11 12:0 a.m., 29 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

CVSS: 10, AI score: 9.2, EPSS: 0.00173
Exploits: 0, References: 1
CNNVD
added 2025/03/11 12:0 a.m., 1 view

Percona PMM Server security vulnerability

Percona PMM Server is an open source database observability, monitoring and management tool for MySQL, PostgreSQL, MongoDB and ProxySQL from Percona. A security vulnerability exists in Percona PMM Server versions prior to 3.0.0-1.ova, which stems from default service account credentials that coul...

CVSS: 10, AI score: 6.5, EPSS: 0.00173
Exploits: 0, References: 3
Cvelist
added 2025/03/11 12:0 a.m., 9 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

CVSS: 10, EPSS: 0.00173
Exploits: 0, References: 1
NVD
added 2023/06/06 8:15 p.m., 12 views

CVE-2023-34409

In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02033
Exploits: 0, References: 1
CVE
added 2023/06/06 12:0 a.m., 46 views

CVE-2023-34409

Summary: CVE-2023-34409 affects Percona Monitoring and Management (PMM) server 2.x up to 2.37.1. The vulnerability stems from the authenticate function in auth_server.go, which does not properly formalize or sanitize URL paths to reject path traversal. This allows an unauthenticated remote user t...

CVSS: 9.8, AI score: 9.2, EPSS: 0.02033
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/06/06 12:0 a.m., 16 views

CVE-2023-34409

In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...

AI score: 9.5, EPSS: 0.02033
Exploits: 0, References: 1
Cvelist
added 2022/01/28 7:9 p.m., 13 views

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

AI score: 6.4, EPSS: 0.00491
Exploits: 0, References: 1
Cvelist
added 2020/02/06 4:51 p.m., 11 views

CVE-2020-7920

pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...

AI score: 7.6, EPSS: 0.00761
Exploits: 0, References: 4
CVE
added 2020/02/06 4:51 p.m., 50 views

CVE-2020-7920

PMM-Server 2.2.x before 2.2.1 is affected by CVE-2020-7920, which allows unauthenticated denial of service. The vulnerability affects the pmm-server component within Percona Monitoring and Management; no root-cause details are provided in the sources beyond the generic DoS description. Remedi...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00761
Exploits: 0, References: 4, Affected Software: 1
xssed
added 2011/12/19 12:0 a.m., 6 views

Unfixed XSS vulnerability at www.worldcat.org

Security researcher PMM submitted on 19/12/2011 a cross-site scripting (XSS) vulnerability affecting www.worldcat.org, which at the time of submission ranked 5068 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently...

Exploits: 0, References: 1
CVE
added 2007/10/01 12:0 a.m., 66 views

CVE-2007-5149

The CVE-2007-5149 entry describes a PHP remote file inclusion vulnerability in NewsCMS/Public Media Manager (PMM) 1.3, specifically in NewsCMS/news/newstopic_inc.php where an attacker can cause arbitrary PHP code execution through a URL supplied in the indir parameter. The affected component is t...

CVSS: 6.8, AI score: 7.5, EPSS: 0.14893
Exploits: 1, References: 8, Affected Software: 1