CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVE-2026-6473

CVE-2026-6473 affects PostgreSQL server features where integer wraparound can cause undersized allocations and write out-of-bounds. An unprivileged database user could potentially execute arbitrary code as the OS user running the database, or trigger segmentation faults with gigabyte-scale inputs...

EUVD-2026-30282

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

Linux Distros Unpatched Vulnerability : CVE-2026-6479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of...

PT-2026-40922

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...

Linux Distros Unpatched Vulnerability : CVE-2026-6472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including...

PT-2026-40924

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Uncontrolled recursion during SSL and GSS negotiation...

PT-2026-40919

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description An externally-controlled format string in the timeofday...

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...

Vulnerability in core server (CVE-2026-6473)

PostgreSQL server undersizes allocations, via integer wraparound Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user...

KLA91051 ACE vulnerability in PostgreSQL

A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories PostgreSQL REFRESH PUBLICATION allows SQL injection via table name Exploitation Related products PostgreSQL CVE lis...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017516 advisory. A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017500 advisory. A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017576 advisory. A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns...

Exploit for CVE-2025-1094

--- POC Khai thác lỗ hổng CVE-2025-1094: PostgreSQL psql SQL...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017349 advisory. A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls wit...

ROS-20260429-73-0007

A vulnerability in the PostgreSQL database management system's oidvector data type handling function is related to reading beyond memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to expose server memory bytes and gain access to sensitive informat...

ROS-20260429-73-0018

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...