JLSEC-2026-53

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

BIT-POSTGRESQL-2026-2005 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

BIT-POSTGRESQL-2026-2003 PostgreSQL oidvector discloses a few bytes of memory

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

Debian dsa-6133 : libecpg-compat3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6133 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6133-1 [email protected] https://www.debian.org/securit...

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

AZL-77643 CVE-2026-2006 affecting package rust 1.90.0-4

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

CVE-2026-2006

CVE-2026-2006 affects PostgreSQL prior to 18.2, 17.8, 16.12, 15.16, and 14.21 due to missing validation of multibyte character length in text manipulation, enabling a crafted query to cause a buffer overrun and execute arbitrary OS-level code. Affected components/versions: PostgreSQL text handlin...

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

Linux Distros Unpatched Vulnerability : CVE-2026-2004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the...

PT-2026-7843

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A flaw exists in PostgreSQL due to improper validation of...

CVE-2025-61906

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting

Prior to Opencast 17.8 and 18.2 the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. Impact The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers ...

EUVD-2025-33323

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

CVE-2025-61788

Opencast Paella Player 7 is vulnerable to cross-site scripting prior to versions 17.8 and 18.2. The issue stems from unfiltered user-supplied metadata being rendered in the player, enabling injection of HTML/JavaScript that executes in viewers’ browsers. Exploitation requires write access to the ...

PT-2025-41299

Name of the Vulnerable Software and Affected Versions Opencast versions prior to 17.8 Opencast versions prior to 18.2 Description Opencast is a platform for managing educational audio and video content. In certain scenarios, prior to versions 17.8 and 18.2, the editor could publish a video withou...

Opencast 信息泄露漏洞

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions prior to 17.8 and prior to 18.2, which can be exploited by attackers to cause accidental distribution...

Linux Distros Unpatched Vulnerability : CVE-2024-11931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1...

Trend Micro Security 安全漏洞

Trend Micro Security is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Security version 17.8, which stems from a link-following vulnerability that could lead to elevated privileges...

PT-2025-28806 · Trend Micro · Trend Micro Security

Name of the Vulnerable Software and Affected Versions: Trend Micro Security version 17.8 Description: Trend Micro Security 17.8 Consumer contains a link following local privilege escalation issue. A local attacker could unintentionally delete privileged Trend Micro files, including the software...