Important: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2026:2117-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2117-1 advisory. This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: - CVE-2026-6472: ensure the user...

SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2026:2086-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2086-1 advisory. This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

Security update for postgresql-jdbc (important)

openSUSE security update: security update for postgresql-jdbc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20847-1 Rating: important References: bsc1264174 Cross-References: CVE-2026-42198 CVSS scores: CVE-2026-42198 SUSE : 7.5...

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...

OPENSUSE-SU-2026:20847-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication bsc1264174...

postgresql16 security update

An update is available for postgresql16. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced Object-Relational database management system...

postgresql18 security update

An update is available for postgresql18. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced Object-Relational database management system...

RLSA-2026:19009 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

SUSE-SU-2026:2117-1 Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

OESA-2026-2501 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2026:2085-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2085-1 advisory. This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2026:2084-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2084-1 advisory. This update for postgresql16 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

CVE-2026-44477

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CVE-2026-44477 CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CVE-2026-44477 CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CVE-2026-44477

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...