In pgAdmin 4 versions before 9.15 a medium severity vulnerability CVE-2026-7814 was detected. This vulnerability allows an attacker to execute Stored Cross-Site Scripting (XSS) attacks. This occurs because user-controlled PostgreSQL object names are unsafely assigned to DOM elements via innerHTML in the Browser Tree and Explain Visualizer modules, allowing attacker-supplied JavaScript to execute when a user navigates to or executes EXPLAIN over the malicious object. To address this issue, users should upgrade pgAdmin 4 to version 9.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7814.
Read more DatabaseIn MongoDB Server versions v8.2 prior to 8.2.9 and v8.3 prior to 8.3.2 a high severity vulnerability CVE-2026-8336 was detected. This vulnerability allows an authenticated user to cause a post-authentication Denial of Service (DoS) by crashing the mongod process. This occurs due to a use-after-free error when the $_internalJsEmit function (which is not intended to be directly accessible) or the mapreduce command’s map function is invoked in a specific way, followed by subsequent use of the server-side JavaScript engine (e.g., through $where, $function, or mapreduce reduce stage). To address this issue, users should upgrade MongoDB Server to versions 8.2.9 or 8.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8336.
Read more DatabaseIn MongoDB Server versions v7.0 prior to 7.0.34, v8.0 prior to 8.0.23, v8.2 prior to 8.2.9, and v8.3 prior to 8.3.2 a medium severity vulnerability CVE-2026-8202 was detected. This vulnerability allows an authenticated user with aggregation permissions to cause a Denial of Service (DoS) by pinning CPU utilization at 100% for an extended period. This occurs when a densely populated chars mask and a large input string are used in the MongoDB aggregation operators $trim, $ltrim, and $rtrim. To address this issue, users should upgrade MongoDB Server to versions 7.0.34, 8.0.23, 8.2.9, or 8.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8202.
Read more DatabaseIn Apache Cassandra versions 4.0, 4.1, and 5.0 medium severity vulnerability CVE-2026-32588 was detected. This vulnerability allows attackers to raise query latencies and cause a Denial of Service (DoS) via repeated password changes using the ALTER ROLE command. To address this issue users must upgrade to 4.0.20, 4.1.11, or 5.0.7 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32588.
Read more DatabaseIn Apache Cassandra versions 4.0 medium severity vulnerability CVE-2026-27315 was detected. This vulnerability allows attackers to access sensitive information, such as cleartext passwords, by reading the cqlsh_history local file if they have access to the user’s home directory. To address this issue users must upgrade to 4.0.20 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27315.
Read more DatabaseIn Apache Cassandra versions 5.0 high severity vulnerability CVE-2026-27314 was detected. This vulnerability allows attackers with CREATE permissions to associate their certificate identity with an arbitrary role, including superuser roles, and authenticate as that role via the ADD IDENTITY command. To address this issue users must upgrade to 5.0.7+ version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27314.
Read more DatabaseIn MariaDB Server versions prior to 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2 high severity vulnerability CVE-2026-35549 was detected. This vulnerability allows attackers to crash the server using a large packet when the caching_sha2_password authentication plugin is in use. To address this issue users must upgrade to 11.4.10, 11.8.6, or 12.2.2 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35549.
Read more DatabaseIn PostgreSQL versions 18.0 and 18.1 a high severity vulnerability CVE-2026-2007 was detected. This vulnerability allows a database user to trigger a heap buffer overflow via a crafted input string in the pg_trgm extension, which may lead to privilege escalation or other unintended impacts due to improper memory handling. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2007.
Read more DatabaseIn pgAdmin 4 versions before 9.11 a high severity vulnerability CVE-2026-1707 was detected. This vulnerability allows attackers with access to the pgAdmin web interface to bypass restore restrictions by disclosing and abusing the `\restrict` key during a restore operation from PLAIN-format dump files, resulting in arbitrary command execution on the pgAdmin host. To address this issue, users should upgrade pgAdmin 4 to version 9.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1707.
Read more Database