Lucene search
K

1848 matches found

OSV
OSV
added 2026/06/13 8:46 a.m.13 views

BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:44 a.m.9 views

BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:44 a.m.12 views

BIT-MARIADB-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 8:16 p.m.8 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS0.00287EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 6:16 p.m.8 views

ALPINE-CVE-2026-48165

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

7.2CVSS5.5AI score0.00666EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 6:16 p.m.5 views

ALPINE-CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

7.2CVSS5.8AI score0.00694EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 6:16 p.m.12 views

CVE-2026-48165

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

9.1CVSS0.00666EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 6:16 p.m.10 views

CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS0.00469EPSS
Exploits0References12
CVE
CVE
added 2026/06/12 5:35 p.m.55 views

CVE-2026-48165

CVE-2026-48165 affects MariaDB server in Galera replication scenarios. A high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to run shell commands as the mariadbd process user on the Galera joiner node. Affected versions are 10.6.1...

9.1CVSS5.5AI score0.00666EPSS
Exploits0References12Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 5:35 p.m.10 views

CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

8CVSS5.5AI score0.00666EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 5:35 p.m.43 views

CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

8CVSS0.00666EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 5:35 p.m.12 views

EUVD-2026-36520

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

8CVSS5.5AI score0.00666EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 5:34 p.m.9 views

CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.9AI score0.00694EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 5:31 p.m.39 views

CVE-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS0.00469EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 5:31 p.m.11 views

CVE-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00469EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 5:31 p.m.9 views

EUVD-2026-36514

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00469EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 5:30 p.m.39 views

CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

6.3CVSS0.00554EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 10:49 p.m.10 views

CVE-2026-42846 ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

9.8CVSS5.5AI score0.00603EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:32 p.m.47 views

CVE-2026-47162

Vim (with the netrw plugin) is affected by CVE-2026-47162 due to a Vimscript code injection in s:NetrwBookHistSave() when serializing directory paths to the history file ~/.vim/.netrwhist. A directory name from the filesystem can be interpolated into a single-quoted Vimscript string literal witho...

8.8CVSS5.9AI score0.00219EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/11 6:31 p.m.10 views

EUVD-2026-36280

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.1CVSS5.9AI score0.00135EPSS
Exploits0References3
Rows per page
Query Builder