RockyLinux 8 : postgresql:15 (RLSA-2026:26181)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26181 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

RockyLinux 9 : postgresql:18 (RLSA-2026:26204)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26204 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

VulnCheck KEV: CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2026:2303-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2303-1 advisory. This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user...

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

postgresql-jdbc-42.7.11-1.1 on GA media (moderate)

postgresql-jdbc-42.7.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:11001-1 Rating: moderate Cross-References: CVE-2026-42198 CVSS scores: CVE-2026-42198 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...

MiracleLinux 8 : postgresql-jdbc-42.2.14-4.el8_10 (AXSA:2026-782:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-782:01 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

GHSA-R236-5PC3-3QCP AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

CVE-2026-11945

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

EUVD-2026-36266

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

CVE-2026-52758

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

RLSA-2026:24348 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management...

RLSA-2026:22714 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...

ROOT-OS-DEBIAN-11-CVE-2026-2005 CVE-2026-2005 in rootio-postgresql-13 - Patched by Root

Root has patched CVE-2026-2005 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...