87 matches found
CVE-2026-48165
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
BIT-MARIADB-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system...
openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues: Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176). -...
EUVD-2026-36520
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system...
CVE-2026-48165
MariaDB/server Galera Cluster vulnerability (CVE-2026-48165): a high-privilege MariaDB user could have used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the mariadbd uid on the Galera joiner node. Affected versions include 10.6.1–10.6.26, 10.11...
CVE-2026-48165
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system...
SUSE-SU-2026:22095-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176). - CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435). - CVE-2026-35549: SHA2 auth plugin crash on large packets (bsc#1261413). - CVE-2026-44168:...
SUSE-SU-2026:2330-1 Security update for mariadb
This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176). - CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435). - CVE-2026-35549: SHA2 auth plugin crash on large packets (bsc#1261413). - CVE-2026-44168: wsrep SST unsafe...
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176). CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435). CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side (bsc#1266442). CVE-2026-44170: argument...
EUVD-2020-3393
Malware in sbrugna...
EUVD-2025-6400
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-10996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place o...
Linux Distros Unpatched Vulnerability : CVE-2017-12110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulti...
Malicious code in @crimson-team/sst-shared-components (npm)
The package @crimson-team/sst-shared-components was found to contain malicious code...
Malicious code in @crimson-team/sst-shared-types (npm)
The package @crimson-team/sst-shared-types was found to contain malicious code...
MAL-2025-7736 Malicious code in @crimson-team/sst-shared-components (npm)
The package @crimson-team/sst-shared-components was found to contain malicious code...
MAL-2025-9270 Malicious code in @ruby-team/sst-tasks (npm)
The package @ruby-team/sst-tasks was found to contain malicious code...
MAL-2025-9271 Malicious code in @ruby-team/sst-ui-commons (npm)
The package @ruby-team/sst-ui-commons was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2025-21845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea mtd: spi-nor: sst: Factor out...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fixed SST write failure issue. The commit “18bcb4aa54ea” “mtd: spi-nor: sst: Factored out the common write operation into sst_nor_write_data” introduced a bug where only one byte of data was written, regardless of...