KLA91052 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in refint can be exploited to...

KLA91049 DoS vulnerability in PostgreSQL

Heap buffer overflow vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to cause denial of service. Original advisories PostgreSQL pgrestoreattributestats accepts values that cause query planning to read past end of stats array Exploitation Related products...

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an...

PostgreSQL 输入验证错误漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Vulnerabilities existed in versions prior to PostgreSQL 18.4,...

PT-2026-40917

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Missing authorization in the CREATE TYPE command allows a...

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

PostgreSQL 格式化字符串错误漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

PT-2026-40923

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A covert timing channel exists during the comparison of...

Linux Distros Unpatched Vulnerability : CVE-2026-6474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones...

KLA91050 ACE vulnerability in PostgreSQL

A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories PostgreSQL pgcreatesubscriber allows SQL injection via subscription name Exploitation Related products PostgreSQL C...

PT-2026-40936

🚨High - n8n Multiple Critical Vulnerabilities CVE-2026-44791, CVE-2026-44792, CVE-2026-45732, CVE-2026-44789, CVE-2026-44790 Multiple high-severity vulnerabilities were disclosed in n8n, including Prototype Pollution leading to RCE via XML Node and HTTP Request Node, Arbitrary File Read via Git...

PT-2026-41160

Name of the Vulnerable Software and Affected Versions Marten versions prior to 8.36.1 Description Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...

SOGo SQL注入漏洞

SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

PT-2026-40919

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description An externally-controlled format string in the timeofday...

Linux Distros Unpatched Vulnerability : CVE-2026-46446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in...

Linux Distros Unpatched Vulnerability : CVE-2026-46445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. CVE-2026-46445 Note that Nessus relies on the presence of the package as reported by the...

PT-2026-40921

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 17.0 through 17.9 PostgreSQL versions 18.0 through 18.3 Description SQL injection in the pg createsubscriber function allows an attacker with pg create subscription rights to execute arbitrary SQL commands with superuser...

PT-2026-40847

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c password = '%@' in changePasswordForLogin...

PT-2026-40918

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Integer wraparound in multiple server features allows an...