📦

monitoring_and_management

Vendor: percona

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.95% Exploit Prob.

Latest CVE CVE-2026-25212 Apr 02

Security Vulnerability Index

Page 1 / 1

9.9 CVSS

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

EPSS: 0.06%

Severity: CRITICAL

Apr 02, 2026

9.8 CVSS

CVE-2023-34409

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.

EPSS: 2.03%

Severity: CRITICAL

Jun 06, 2023

7.5 CVSS

CVE-2020-7920

pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.

EPSS: 0.76%

Severity: HIGH

Feb 06, 2020

Displaying 3 of 4 Total Entries

Total 1 Sections