Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017516 advisory. A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017576 advisory. A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017500 advisory. A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If...

PT-2026-39898

Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.16 Description Improper input handling in the JSON-path compiler allows attackers to access sensitive JSON data. The software fails to escape JSON-path metacharacters such as ., , , , , and ?, only doubling single...

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability could allow authenticated users to inject arbitrary commands in the psql copy command, enabling executio...

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017752 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017787 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Tenable ha...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017503 advisory. A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to creat...

Exploit for CVE-2025-1094

--- POC Khai thác lỗ hổng CVE-2025-1094: PostgreSQL psql SQL...

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

Exploit for Improper Input Validation in Postgresql

CVE-2018-1058 — PostgreSQL Search Path Demonstration This rep...

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017348 advisory. A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017349 advisory. A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls wit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017347 advisory. A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification...

UBUNTU-CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

EUVD-2026-28805

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...