mariadb
Latest CVEs
The 15 most recently published vulnerabilities affecting mariadb.
- CVE-2026-48165: MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (score 8.0)
- CVE-2026-48163: MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) (score 8.0)
- CVE-2026-44173: MariaDB: FILE privilege was not checked for subqueries in the FROM clause (score 5.0)
- CVE-2026-44172: MariaDB: mysql_real_escape_string() incorrectly handled big5 (score 9.8)
- CVE-2026-44171: MariaDB: path traversal in mbstream (score 6.3)
- CVE-2026-44169: MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions (score 4.3)
- CVE-2026-44168: MariaDB: wsrep SST unsafe parameter handling on the donor side (score 8.0)
- CVE-2026-44170: MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (score 9.8)
- CVE-2026-49261: MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` (score 10.0)
- CVE-2026-35549: An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user... (score 6.5)
- CVE-2026-32710: Heap-based Buffer Overflow in MariaDB (score 8.5)
- CVE-2025-13699: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability (score 7.0)
- CVE-2025-56404: An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. (score 7.5)
- CVE-2023-52969: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info ... (score 4.9)
- CVE-2023-52968: MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_de... (score 4.9)