Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Data Management and Analytics
  • Database

Database

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    17 Jun 2026 Data Management and Analytics
    MariaDB Server: Shell Command Execution via Galera SST Variables

    In MariaDB Server versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1 a high severity vulnerability CVE-2026-48165 was detected. This vulnerability allows a high-privileged MariaDB user to execute arbitrary shell commands with the privileges of the mariadbd process on the galera joiner node. This occurs due to improper handling of the wsrep_sst_receive_address or wsrep_sst_donor global system variables. To address this issue, users should upgrade MariaDB Server to versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, or 12.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48165.

    Read more
    Database
    11 Jun 2026 Data Management and Analytics
    SQLite: Heap Buffer Overflow in FTS5 Extension (fts5ChunkIterate)

    In SQLite versions before 3.53.2 a high severity vulnerability CVE-2026-11824 was detected. This vulnerability allows an attacker to cause a Denial of Service (crash) or potentially execute arbitrary code. This occurs due to a heap-based buffer overflow in the FTS5 full-text search extension (specifically within the fts5ChunkIterate() function). By supplying a specially crafted database with malicious continuation page metadata (where the szLeaf value is smaller than 4), an attacker can trigger an integer underflow. This results in an inflated remaining byte count during FTS5 MATCH query processing, leading to the overflow of attacker-controlled data into the heap. This vulnerability affects applications compiled with the SQLITE_ENABLE_FTS5 flag. To address this issue, users should upgrade SQLite to version 3.53.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-11824.

    Read more
    Database
    9 Jun 2026 Data Management and Analytics
    Milvus: Use of Weak Hash in Grantee ID Hash Handler

    In Milvus versions up to 2.6.13 a medium severity vulnerability CVE-2026-10814 was detected. This vulnerability may allow a local attacker to compromise the system through the exploitation of a weak cryptographic hash. This occurs because the Grantee ID Hash Handler component (specifically in internal/metastore/kv/rootcoord/kv_catalog.go) utilizes a weak hashing algorithm, which an attacker could potentially manipulate, despite the attack complexity being high. To address this issue, users should apply the recommended patch (commit 3d932f1c3e065351c4440c27abe1e6479752544d). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-10814.

    Read more
    Database
    9 Jun 2026 Data Management and Analytics
    Weaviate: Authorization Bypass in Static API Key Handler

    In Weaviate versions up to 1.37.7 a medium severity vulnerability CVE-2026-11500 was detected. This vulnerability allows a remote attacker to bypass intended access controls and gain unauthorized access. This occurs due to improper validation of the StaticApiKey argument within the validateConfig function of the Static API Key Handler (internal/usecases/auth/authentication/apikey/client.go). Although the attack complexity is high and exploitability is considered difficult, a public exploit is available. To address this issue, users should apply the patch (commit 40f2cc32279f0f8a51016c3c6870a2c0c808e6c0) or upgrade Weaviate to version 1.38.0-rc.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-11500.

    Read more
    Database
    4 Jun 2026 Data Management and Analytics
    Grafana: Denial of Service (DoS) via Unbounded Memory Allocation in Plugin Resources

    In Grafana versions 6.7.0 through 11.6.13, 12.0.0 through 12.2.7, 12.3.0 through 12.3.5, 12.4.0 through 12.4.2, 13.0.0 a medium severity vulnerability CVE-2026-28383 was detected. This vulnerability allows an authenticated attacker to cause a Denial of Service (DoS) by triggering an out-of-memory condition. This occurs because the Grafana plugin resources endpoint reads the entire request body into memory without size limits, leading to unbounded memory allocation. To address this issue, users should upgrade Grafana to version 11.6.14+security-04, 12.2.8+security-04, 12.3.6+security-04, 12.4.3+security-02, 13.0.1+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-283833.

    Read more
    Database
    4 Jun 2026 Data Management and Analytics
    SQLite: Denial of Service via Division by Zero in Query Planner

    In SQLite versions through 3.29.0 a medium severity vulnerability CVE-2019-16168 was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) by crashing a browser or any other application using the database. This occurs due to a severe division by zero error in the query planner (specifically within the whereLoopAddBtreeIndex function in sqlite3.c), which is triggered by missing validation of the sqlite_stat1 sz field. To address this issue, users should upgrade SQLite to version 3.29.0 and later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2019-16168.

    Read more
    Database
    3 Jun 2026 Data Management and Analytics
    MariaDB Server: Denial of Service via caching_sha2_password Plugin

    In MariaDB Server versions before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2 a medium severity vulnerability CVE-2026-35549 was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) by crashing the server. This occurs because when the caching_sha2_password authentication plugin is enabled and in use, sending a specially crafted large packet triggers a crash due to the unsafe use of the alloca function for memory allocation within sha256_crypt_r. To address this issue, users should upgrade MariaDB Server to versions 11.4.10, 11.8.6, or 12.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35549.

    Read more
    Database
    2 Jun 2026 Data Management and Analytics
    pgAdmin 4: OS Command Injection and Arbitrary File Write in Import/Export Tool

    In pgAdmin 4 versions before 9.15 a high severity vulnerability CVE-2026-7816 was detected. This vulnerability allows an authenticated user to achieve arbitrary operating-system command execution on the pgAdmin server or perform arbitrary file writes. This occurs because user-supplied input (including the query, format, on_error, and log_verbosity fields) is interpolated directly into a psql \copy metacommand template without proper sanitization. An attacker can exploit this by injecting strings like “) TO PROGRAM ‘cmd'” to break out of the intended \copy (…) context. To address this issue, users should upgrade pgAdmin 4 to version 9.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7816.

    Read more
    Database
    28 May 2026 Data Management and Analytics
    pgAdmin 4: SQL Injection and OS Command Execution in Maintenance Tool

    In pgAdmin 4 versions prior to 9.15. a high severity vulnerability CVE-2026-7815 was detected. This vulnerability allows an authenticated user with tools_maintenance permissions to execute arbitrary SQL on the connected PostgreSQL server, which can be escalated to operating-system command execution on the database host. This occurs because four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) are concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command without proper sanitization and passed to psql. To address this issue, users should upgrade pgAdmin 4 to version 9.15 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7815.

    Read more
    Database
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}