
360 matches found

EUVD
added 2026/04/26 1:15 a.m. | 4 views

EUVD-2026-25686

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVSS 4.8 | AI score 3.3 | EPSS 0.00013
Exploits 0 | References 7
Tenable Nessus
added 2026/03/11 12:0 a.m. | 5 views

Oracle Linux 8 : postgresql:12 (ELSA-2026-4064)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4064 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Backport CVE-2025-8715 - Fix backport for...

CVSS 8.8 | AI score 7.3 | EPSS 0.82364
Exploits 15 | References 4
Tenable Nessus
added 2026/03/10 12:0 a.m. | 4 views

Oracle Linux 8 : postgresql:13 (ELSA-2026-4024)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4024 advisory. - fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Resolves: RHEL-128818 CVE-2025-12818 - Fix CVE-2025-1094 - Fixes: CVE-2024-10976 CVE-2024-10978...

CVSS 8.8 | AI score 7 | EPSS 0.82364
Exploits 14 | References 4
Wolfi
added 2026/02/26 7:48 a.m. | 5 views

CVE-2026-1094 vulnerabilities

Vulnerabilities for packages: gitlab-runner...

CVSS 4.6 | AI score 5.3 | EPSS 0.00023
Exploits 0
Metasploit
added 2026/02/25 7:0 p.m. | 298 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution

This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS. The module targets CVE-2026-1731, a direct command injection affecting RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior. Exploitation occurs with the...

CVSS 9.9 | AI score 8 | EPSS 0.80065
Exploits 11
Tenable Nessus
added 2026/02/12 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide special...

CVSS 4.6 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 2
Circl
added 2026/02/11 1:55 p.m. | 3 views

CVE-2026-1094

creationtimestamp | type | source
---|---|---
2026-02-11 13:55:16+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3melmweqeno2j...

CVSS 4.6 | AI score 5.1 | EPSS 0.00023
Exploits 0 | References 1
Cvelist
added 2026/02/11 11:4 a.m. | 23 views

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVSS 4.6 | EPSS 0.00023
Exploits 0 | References 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | 6 views

MiracleLinux 8 : postgresql:13 (AXSA:2025-9711:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9711:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

CVSS 8.1 | AI score 7.8 | EPSS 0.82364
Exploits 10 | References 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 9 : postgresql:15 (AXSA:2025-9702:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9702:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

CVSS 8.1 | AI score 7.8 | EPSS 0.82364
Exploits 10 | References 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : postgresql:16 (AXSA:2025-9713:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9713:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

CVSS 8.1 | AI score 7.8 | EPSS 0.82364
Exploits 10 | References 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 9 : libpq-13.20-1.el9_5 (AXSA:2025-9696:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9696:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

CVSS 8.1 | AI score 7.8 | EPSS 0.82364
Exploits 10 | References 2
EUVD
added 2026/01/06 3:21 a.m. | 2 views

EUVD-2026-1094

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 6.5 | AI score 6.1 | EPSS 0.03032
Exploits 0 | References 4
OSV
added 2025/12/12 4:22 p.m. | 1 views

CLSA-2025-1764858353 postgresql: Fix of CVE-2025-1094

CVE-2025-1094: fix potential SQL injections allowed by an improper encoding validation in data quoting functions...

CVSS 8.1 | AI score 7.5 | EPSS 0.82364
Exploits 10 | References 1
Tenable Nessus
added 2025/12/02 12:0 a.m. | 6 views

Oracle Linux 8 : postgresql (ELSA-2025-28019)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28019 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Backport CVE-2025-8715 - Fix backport for CVE-2025-1094 - Backport fix for CVE-2025-1094 - Fixes:...

CVSS 8.8 | AI score 7.1 | EPSS 0.82364
Exploits 12 | References 2
Tenable Nessus
added 2025/11/20 12:0 a.m. | 7 views

Oracle Linux 7 : postgresql (ELSA-2025-16099)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-16099 advisory. - Restrict psql meta-commands in plain-text dumps Orabug: 38442031 CVE-2025-8714 - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain...

CVSS 8.8 | AI score 7.9 | EPSS 0.82364
Exploits 11 | References 2
Tenable Nessus
added 2025/09/05 12:0 a.m. | 3 views

SUSE SLES15 Security Update : postgresql15 (SUSE-SU-2025:00614-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:00614-1 advisory. Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Tenable h...

CVSS 8.1 | AI score 8 | EPSS 0.82364
Exploits 10 | References 4
OSV
added 2025/09/04 1:26 p.m. | 2 views

SUSE-SU-2025:00614-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

CVSS 8.1 | AI score 7.1 | EPSS 0.82364
Exploits 10 | References 3
OSV
added 2025/07/29 1:38 p.m. | 11 views

RLSA-2025:3082 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.1 | AI score 8.4 | EPSS 0.82364
Exploits 10 | References 2
GithubExploit
added 2025/06/23 6:1 p.m. | 395 views

Exploit for CVE-2025-1094

CVE-2025-1094 SQL Injection to RCE via WebSocket 🔥 ✔️ Descr...

CVSS 8.1 | AI score 8.9 | EPSS 0.82364
Exploits 10