Database

In NocoDB versions 0.257.9 and prior a medium severity vulnerability CVE-2025-27506 was detected. This vulnerability allows attackers to exploit a reflected Cross-Site Scripting (XSS) flaw in the /api/v1/db/auth/password/reset/:tokenId API endpoint due to the use of the insecure function “<%-" in the client-side template engine ejs, which is rendered by the function renderPasswordReset. To address this issue, users should upgrade NocoDB to versions 0.258.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27506.

In MySQL Server versions up to 9.1.0 a medium severity vulnerability CVE-2025-21567 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. To address this issue, users should upgrade to a version 9.2.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-21567.

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.

In MySQL Enterprise Firewall versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21495 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21495.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21522 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.

In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.

In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.