
13168 matches found

F5 Networks
added 2026/02/25 5:19 a.m., 7 views

K000160142: PostgreSQL vulnerability CVE-2021-20229

Security Advisory Description: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. CVE-2021-20229 Impact...

CVSS 4.3, AI score 5.6, EPSS 0.00086
Exploits: 0

Packet Storm
added 2026/02/25 12:0 a.m., 251 views

BeyondTrust PRA / RS Unauthenticated Remote Code Execution

This Metasploit exploit module achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). It leverages three different vulnerabilities depending on the user-selected target. The default target leverages CVE-2026-1731, a direct command...

CVSS 9.9, AI score 6.5, EPSS 0.93857
Exploits: 22

GithubExploit
added 2026/02/24 4:20 p.m., 125 views

Secure-auth-api

🔐 Secure Auth API — Built → Broken → Fixed A hands-on securit...

AI score 5.9
Exploits: 0

Github Security Blog
added 2026/02/24 3:30 p.m., 6 views

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, AI score 5.7, EPSS 0.00041
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/02/24 3:30 p.m., 3 views

GHSA-MWF2-QR4V-94H2 Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 4

Snyk
added 2026/02/24 3:26 p.m., 3 views

Incorrect Authorization

Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization in the PostgreSQL database connection for SQLLab. An attacker can perform unauthorized data modification by submitting speciall...

CVSS 7.1, AI score 6, EPSS 0.00041
Exploits: 0, References: 2

SUSE Linux
added 2026/02/24 3:16 p.m., 4 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008). CVE-2026-2004: intarray missing validation of type of input to selectivity...

CVSS 8.8, AI score 6.3, EPSS 0.00059
Exploits: 3, References: 16

OSV
added 2026/02/24 3:16 p.m., 1 views

SUSE-SU-2026:0616-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclosure of a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivit...

CVSS 8.8, AI score 6.4, EPSS 0.00059
Exploits: 3, References: 9

SUSE Linux
added 2026/02/24 3:16 p.m., 4 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008). CVE-2026-2004: intarray missing validation of type of input to selectivity...

CVSS 8.8, AI score 6.3, EPSS 0.00059
Exploits: 3, References: 16

SUSE Linux
added 2026/02/24 3:15 p.m., 4 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Update to version 16.12. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008). CVE-2026-2004: intarray missing validation of type of input to selectivity...

CVSS 8.8, AI score 6.3, EPSS 0.00059
Exploits: 3, References: 16

NVD
added 2026/02/24 2:16 p.m., 4 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, EPSS 0.00041
Exploits: 0, References: 2

OSV
added 2026/02/24 2:16 p.m., 4 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 6.5, AI score 6
Exploits: 0, References: 2

Cvelist
added 2026/02/24 12:51 p.m., 19 views

CVE-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, EPSS 0.00041
Exploits: 0, References: 1

Vulnrichment
added 2026/02/24 12:51 p.m., 4 views

CVE-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, AI score 5.7, EPSS 0.00041
Exploits: 0, References: 1

EUVD
added 2026/02/24 12:51 p.m., 3 views

EUVD-2026-8475

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1, AI score 5.7, EPSS 0.00041
Exploits: 0, References: 1

CVE
added 2026/02/24 12:51 p.m., 21 views

CVE-2026-23984

CVE-2026-23984 affects Apache Superset prior to 6.0.0. An authenticated user with SQLLab access can bypass the read-only verification for PostgreSQL connections, enabling crafted statements to evade the existing DML blocks. This could allow execution of data manipulation operations that should be...

CVSS 7.1, AI score 5.7, EPSS 0.00041
Exploits: 0, References: 2, Affected Software: 1

CBLMariner
added 2026/02/24 1:8 a.m., 4 views

CVE-2026-2003 affecting package postgresql for versions less than 16.12-1

CVE-2026-2003 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.3, AI score 5.4, EPSS 0.00023
Exploits: 0

CBLMariner
added 2026/02/24 1:8 a.m., 4 views

CVE-2026-2006 affecting package postgresql for versions less than 16.12-1

CVE-2026-2006 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 5.4, EPSS 0.00039
Exploits: 0

CBLMariner
added 2026/02/24 1:8 a.m., 3 views

CVE-2026-2004 affecting package postgresql for versions less than 16.12-1

CVE-2026-2004 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 5.4, EPSS 0.00059
Exploits: 0

CBLMariner
added 2026/02/24 1:8 a.m., 4 views

CVE-2026-2005 affecting package postgresql for versions less than 16.12-1

CVE-2026-2005 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 5.4, EPSS 0.00039
Exploits: 3