Server
This hub aggregates every CVE we track for Server, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
Cloud & SaaSother
220
CVEs tracked
34
Critical
70
High
0
In CISA KEV
Severity distribution
MEDIUM97HIGH70CRITICAL34LOW19
Monthly trend
0
1
0
0
0
3
0
1
5
0
3
3
4
0
0
3
6
5
2
3
8
10
19
15
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Server.
- CVE-2026-47684Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP7.7
- CVE-2026-48165MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side8.0
- CVE-2026-48163MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)8.0
- CVE-2026-44173MariaDB: FILE privilege was not checked for subqueries in the FROM clause5.0
- CVE-2026-44172MariaDB: mysql_real_escape_string() incorrectly handled big59.8
- CVE-2026-44171MariaDB: path traversal in mbstream6.3
- CVE-2026-44169MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions4.3
- CVE-2026-44168MariaDB: wsrep SST unsafe parameter handling on the donor side8.0
- CVE-2026-44170MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL9.8
- CVE-2026-49261MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`10.0
- CVE-2026-10544Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbit...6.5
- CVE-2026-10787Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This ...4.3
- CVE-2026-10786Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations...6.5
- CVE-2026-9522Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery s...5.4
- CVE-2026-9590Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information withou...5.3
Product normalization is registry-driven with AI assist and human review. How it works