CVE Tools

percona

DatabasesUScommercial

6

Cumulative CVEs

4

Monthly snapshots

#56

Peak rank

Top products

toolkit2 xtrabackup1

Latest CVEs

The 15 most recently published vulnerabilities affecting percona.

CVE-2026-25212An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature...9.9Apr 2, 2026
CVE-2025-26701An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fix...10.0Mar 11, 2025
CVE-2024-7701Misuse of SHA256 to create an encryption key7.5Dec 15, 2024
CVE-2022-25834In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.7.8Jun 7, 2023
CVE-2023-34409In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts...9.8Jun 6, 2023
CVE-2022-34968An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.7.5Aug 3, 2022
CVE-2022-26944Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed...6.5Jun 2, 2022
CVE-2020-15180A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitra...9.0May 27, 2021
CVE-2021-27928A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch...7.2Mar 19, 2021
CVE-2020-26542An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona ...9.8Nov 9, 2020
CVE-2020-10996An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.8.1Apr 27, 2020
CVE-2020-10997Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is...6.5Apr 27, 2020
CVE-2020-7920pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.7.5Feb 6, 2020
CVE-2019-12301The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.9.8May 23, 2019
CVE-2017-15365sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with...8.8Jan 25, 2018