Lucene search
K

13495 matches found

Nuclei
Nuclei
added 5 hours ago93 views

Apache Superset < 4.0.2 - SQL Injection

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

9.8CVSS6AI score0.04433EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 8 hours ago21 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added 8 hours ago16 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
CVE
CVE
added yesterday10 views

CVE-2026-50180

Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...

8.7CVSS6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago5 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

9.8CVSS6.2AI score0.00561EPSS
Exploits0References5
NVD
NVD
added 3 days ago11 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-42200

Coolify prior to 4.0.0-beta.474 is affected by a path traversal in the PostgreSQL initialization script handling (generate_init_scripts() in app/Actions/Database/StartPostgresql.php). An authenticated user could write files outside the intended directory during database initialization, enabling c...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41979

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-42153 Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
CVE
CVE
added 4 days ago10 views

CVE-2026-42153

Affects Coolify before version 4.0.0-beta.474. The vulnerability arises in PostgreSQL healthcheck command generation, where attacker-controlled settings (postgres_user and postgres_db) are interpolated into shell-form commands, allowing an authenticated user to inject commands executed inside the...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
Snyk
Snyk
added 4 days ago5 views

Incorrect Implementation of Authentication Algorithm

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the ScramAuthenticator class, which fails open by confirming only that the server advertised a...

8.2CVSS6AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41903

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00251EPSS
Exploits0References3
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00251EPSS
Exploits0
CVE
CVE
added 4 days ago45 views

CVE-2026-54291

CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...

8.2CVSS5.9AI score0.00251EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago4 views

RHSA-2026:35880 Red Hat Security Advisory: libpq security update

Bulletin has no description...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References23
RedHat Linux
RedHat Linux
added 4 days ago5 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS7.9AI score0.00464EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago5 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS7.5AI score0.00668EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56026

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description PostgreSQL healthcheck command generation uses attacker-controlled database settings in shell-form commands. This allows an authenticated user to perform command injection executed within th...

8.8CVSS5.9AI score0.00359EPSS
Exploits0References10
Rows per page
Query Builder