12962 matches found
CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
DEBIAN-CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
DEBIAN-CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
UBUNTU-CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
UBUNTU-CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
EUVD-2026-30213
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when using PostgreSQL or MariaDB, stores passwords in cleartext and is vulnerable to SQL injection via c_password = '%@' in changePasswordForLogin. The CVE notes an impact on confidentiality and integrity with a high base score (7.1) and a network attack vector requiring low p...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
EUVD-2026-30212
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
CVE-2026-46445
SOGo before 5.12.7 that uses PostgreSQL is vulnerable to SQL injection (CVE-2026-46445). The CVE description identifies affected software as SOGo prior to 5.12.7 and notes a PostgreSQL-related SQL injection path. The provided metrics indicate a HIGH severity (CVSS 3.1: AV:N/AC:H/PR:L/UI:N/S:U/C:H...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...