Lucene search
K

4 matches found

Microsoft CVE
Microsoft CVE
added 2026/05/10 8:3 a.m.10 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

9.8CVSS5.8AI score0.00356EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/08 3:53 p.m.51 views

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 3:53 p.m.21 views

CVE-2026-41889

CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:53 p.m.8 views

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS5.7AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder