
11 matches found

OSV
added 2026/04/03 1:27 p.m. | 6 views

JLSEC-2026-53

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

4.3 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits 0 | References 1

OSV
added 2026/02/16 4:3 p.m. | 4 views

BIT-POSTGRESQL-2026-2005 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8 CVSS | 6.4 AI score | 0.00678 EPSS
Exploits 3 | References 2

OSV
added 2026/02/16 4:3 p.m. | 2 views

BIT-POSTGRESQL-2026-2003 PostgreSQL oidvector discloses a few bytes of memory

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

4.3 CVSS | 5.5 AI score | 0.00281 EPSS
Exploits 0 | References 2

NVD
added 2026/02/12 2:16 p.m. | 11 views

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

4.3 CVSS | 0.00281 EPSS
Exploits 0 | References 1

OSV
added 2026/02/12 2:16 p.m. | 5 views

AZL-77643 CVE-2026-2006 affecting package rust 1.90.0-4

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8 CVSS | 6.3 AI score | 0.00659 EPSS
Exploits 0 | References 1

CVE
added 2026/02/12 1:0 p.m. | 88 views

CVE-2026-2006

CVE-2026-2006 affects PostgreSQL prior to 18.2, 17.8, 16.12, 15.16, and 14.21 due to missing validation of multibyte character length in text manipulation, enabling a crafted query to cause a buffer overrun and execute arbitrary OS-level code. Affected components/versions: PostgreSQL text handlin...

8.8 CVSS | 6.4 AI score | 0.00659 EPSS
Exploits 0 | References 34 | Affected Software 1

CVE
added 2026/02/12 1:0 p.m. | 49 views

CVE-2026-2003

PostgreSQL vulnerability CVE-2026-2003 involves improper validation of the oidvector type, causing disclosure of a few bytes of server memory. Affected versions are before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. The issue is a memory disclosure risk with network exposure, requiring low pr...

4.3 CVSS | 5.5 AI score | 0.00281 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2026/02/12 12:0 a.m. | 6 views

PostgreSQL Security Vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

8.8 CVSS | 6.3 AI score | 0.00678 EPSS
Exploits 3 | References 3

Positive Technologies
added 2026/01/01 12:0 a.m. | 29 views

PT-2026-7843

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.2; PostgreSQL versions prior to 17.8; PostgreSQL versions prior to 16.12; PostgreSQL versions prior to 15.16; PostgreSQL versions prior to 14.21. Description: A flaw exists in PostgreSQL due to improper validation of...

4.3 CVSS | 5.3 AI score | 0.00281 EPSS
Exploits 0 | References 149

CNVD
added 2016/01/07 12:0 a.m. | 0 views

HPE Network Switches Local Security Bypass Vulnerability

HPE Network Switches is a network switch from Hewlett-Packard (HP). A security vulnerability exists in HPE Network Switches versions 15.16.x and 15.17.x. It allows a local attacker to bypass security access restrictions by utilizing unspecified vectors...

8.4 CVSS | 6.6 AI score | 0.00588 EPSS
Exploits 0 | References 1

CNVD
added 2016/01/07 12:0 a.m. | 1 views

HPE Network Switches Local Security Bypass Vulnerability (CNVD-2016-00112)

HPE Network Switches is a network switch from Hewlett-Packard (HP). A security vulnerability exists in HPE Network Switches versions 15.16.x and 15.17.x. It allows a local attacker to bypass security access restrictions by utilizing unspecified vectors...

7.8 CVSS | 6.6 AI score | 0.00482 EPSS
Exploits 0 | References 1