Database

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.

In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.

In MySQL Enterprise Firewall versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21495 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21495.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21522 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.

In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.

In the RediSearch module that provides querying, secondary indexing, and full-text search for Redis versions 2.6.24, 2.8.21, 2.10.10 a high severity vulnerability CVE-2024-51737 was detected. This vulnerability allows attackers to trigger a buffer overflow by using specially crafted arguments in the FT.SEARCH or FT.AGGREGATE commands, potentially leading to remote code execution. To fix this issue, users should upgrade the RediSearch module for Redis to versions 2.6.24, 2.8.21, and 2.10.10. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51737.

In PostgreSQL versions before 17.1, 16.5, 15.9, 14.14, 13.17 and 12.21 a high severity vulnerability CVE-2024-10979 was detected. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH). This often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. To address this issue, users should upgrade PostgreSQL to versions 17.1, 16.5, 15.9, 14.14, 13.17 or 12.21. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10979.