CVE-2026-2361 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2360

CVE-2026-2360 affects PostgreSQL Anonymizer. A vulnerability lets a user gain superuser privileges by creating a custom operator in the public schema, placing malicious code there, which is executed with superuser rights when the extension is created. Risk is higher on PostgreSQL 14 or when upgra...

CVE-2026-2360 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser privileges in PostgreSQL 14

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

CVE-2026-2360

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005334 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...

PT-2026-7633

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.0.1 Description The software contains a flaw that could allow a user to obtain superuser privileges. This is achieved by creating a custom operator within the public schema and embedding malicious code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005346)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005346 advisory. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005344 advisory. Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client...

PostgreSQL Anonymizer 安全漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to create...

DALIBO PostgreSQL Anonymizer 安全漏洞

DALIBO PostgreSQL Anonymizer is an extension software developed by the French company DALIBO. It is designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. There is a security vulnerability in PostgreSQL Anonymizer, which stems...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

PT-2026-7634

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.0.1 PostgreSQL versions 14 and 15 Description A flaw exists in PostgreSQL Anonymizer that could allow a user with CREATE privileges to gain superuser privileges. This occurs by creating a temporary vie...

OPENSUSE-SU-2026:20193-1 Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc

This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues: Changes in orthanc: - dcmtk 370 breaks TW...

php: pgsql extension does not check for errors during escaping

A flaw was found in PHP. Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer dereferences...

CVE-2024-7348 vulnerabilities

Vulnerabilities for packages: postgresql...

GHSA-3C6G-7V4G-5XCM vulnerabilities

Vulnerabilities for packages: postgresql...

Exploit for Command Injection in Veeam Veeam_Backup_\&_Replication

Affected Software: PostgreSQL 15.x before 15.7, 16.x before 16...

CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...