Solution sectors / databases
Databases
Databases, caches and message queues hold an organization's most valuable asset — its data. This hub tracks CVE trends across relational and NoSQL engines, data warehouses and queuing systems.
Cumulative CVEs
12,762
across 280 monthly snapshots
Latest month
261
+113.9% MoM · +307.8% YoY
Peak month
285
Jan 25
KEV this month
1
51 vendors affected
CVEs per month
Newest period on the right. Click a point to open that monthly report.
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem97%
- SaaS3%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Databases.
- CVE-2025-36372IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables5.5
- CVE-2026-10109IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling9.8
- CVE-2026-11906IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user6.5
- CVE-2026-58372SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys8.1
- CVE-2026-58371SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter3.1
- CVE-2026-13455PostgreSQL Anonymizer: Unrestricted function can leak the secret salt4.3
- CVE-2026-49434Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker7.5
- CVE-2026-49432Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service7.5
- CVE-2026-49877Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console8.1
- CVE-2026-50734Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation7.5
- CVE-2026-50750Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-492707.5
- CVE-2026-52760Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console6.1
- CVE-2026-53916Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec7.5
- CVE-2026-53917Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling7.5
- CVE-2026-54475Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover7.5
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| db-tooling | 79 | 43 | · | 14 | — | webcenter content (32) · pgadmin 4 (11) · webcenter enterprise capture (10) |
| relational | 48 | 20 | · | 6 | — | jd edwards enterpriseone tools (14) · red hat directory server 11 (13) · red hat directory server 12 (13) |
| cache-message-queue | 45 | 13 | · | 5 | — | apache activemq (15) · weblogic server (13) · apache activemq broker (8) |
| nosql | 32 | 9 | · | 9 | — | mongodb (15) · mongodb server (13) · coherence (7) |
| data-warehouse-analytics | 30 | 14 | · | 8 | — | webcenter portal (10) · snowflake cli (7) · advanced outbound telephony (3) |
| — | 27 | 9 | 1 | 9 | — | server (9) · application development framework (4) · universal work queue (4) |
Sector classification is AI-assisted with human review. How tagging works · Report a misclassification