Server
This hub aggregates every CVE we track for Server, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 224
- Critical: 34
- High: 71
- In CISA KEV: 0
Severity distribution
- MEDIUM: 98
- HIGH: 71
- CRITICAL: 34
- LOW: 21
Monthly trend
Monthly counts, 2024-08 to 2026-07, in chart order: 1, 0, 0, 0, 3, 0, 1, 5, 0, 3, 3, 4, 0, 0, 3, 6, 5, 2, 3, 8, 10, 19, 19, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Server.
- CVE-2026-57522: Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates (score 3.5)
- CVE-2026-57521: Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController (score 4.3)
- CVE-2026-57520: Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint (score 7.1)
- CVE-2026-12755: Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-si... (score 2.7)
- CVE-2026-47684: Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP (score 7.7)
- CVE-2026-48165: MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (score 8.0)
- CVE-2026-48163: MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) (score 8.0)
- CVE-2026-44173: MariaDB: FILE privilege was not checked for subqueries in the FROM clause (score 5.0)
- CVE-2026-44172: MariaDB: mysql_real_escape_string() incorrectly handled big5 (score 9.8)
- CVE-2026-44171: MariaDB: path traversal in mbstream (score 6.3)
- CVE-2026-44169: MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions (score 4.3)
- CVE-2026-44168: MariaDB: wsrep SST unsafe parameter handling on the donor side (score 8.0)
- CVE-2026-44170: MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (score 9.8)
- CVE-2026-49261: MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` (score 10.0)
- CVE-2026-10544: Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbit... (score 6.5)
Product normalization is registry-driven with AI assist and human review.