
13196 matches found

OSV
added 2026/05/18 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10807-1 postgresql15-15.18-1.1 on GA media

These are all security issues fixed in the postgresql15-15.18-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8 | AI score 5.8 | EPSS 0.00471
Exploits: 0 | References: 8

OSV
added 2026/05/18 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10808-1 postgresql16-16.14-1.1 on GA media

These are all security issues fixed in the postgresql16-16.14-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8 | AI score 5.8 | EPSS 0.00471
Exploits: 0 | References: 9

Microsoft CVE
added 2026/05/16 8:4 a.m. | 13 views

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00471
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 11 views

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00284
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 9 views

PostgreSQL refint allows stack buffer overflow and SQL injection

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00378
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 11 views

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 10 views

PostgreSQL timeofday() can disclose portions of server memory

...

CVSS 4.3 | AI score 5.8 | EPSS 0.00208
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 11 views

PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 33 views

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00187
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 8 views

PostgreSQL server undersizes allocations, via integer wraparound

...

CVSS 8.8 | AI score 5.8 | EPSS 0.004
Exploits: 0

Microsoft CVE
added 2026/05/16 8:3 a.m. | 13 views

PostgreSQL discloses MD5-hashed passwords via covert timing channel

...

CVSS 6.5 | AI score 5.8 | EPSS 0.00238
Exploits: 0

RedhatCVE
added 2026/05/15 3:52 p.m. | 9 views

CVE-2026-41889

A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...

CVSS 9.8 | AI score 5.8 | EPSS 0.00356
Exploits: 0 | References: 6

NVD
added 2026/05/15 3:16 a.m. | 24 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...

CVSS 9.3 | EPSS 0.0017
Exploits: 0 | References: 1

Cvelist
added 2026/05/15 2:6 a.m. | 52 views

CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...

CVSS 9.3 | EPSS 0.0017
Exploits: 0 | References: 1

EUVD
added 2026/05/15 2:6 a.m. | 20 views

EUVD-2026-30498

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup of the metasploitPostgreSQL service, the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

CVSS 9.3 | AI score 5.9 | EPSS 0.0017
Exploits: 0 | References: 1

CNNVD
added 2026/05/15 12:0 a.m. | 7 views

Rapid7 Metasploit Pro access control error vulnerability

Rapid7 Metasploit Pro is a penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has an access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...

CVSS 9.3 | AI score 6.1 | EPSS 0.0017
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/15 12:0 a.m. | 18 views

FreeBSD : PostgreSQL -- Multiple vulnerabilities (7185ecc9-4fb7-11f1-bc50-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7185ecc9-4fb7-11f1-bc50-6cc21735f730 advisory. The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an obje...

CVSS 8.8 | AI score 6.5 | EPSS 0.00471
Exploits: 1 | References: 23

OSV
added 2026/05/14 8:46 p.m. | 4 views

GHSA-VMW2-QWM8-X84C Marten has an injection vulnerability in its full-text search regConfig parameter

Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...

CVSS 9.8 | AI score 6.1 | EPSS 0.00375
Exploits: 0 | References: 5

Github Security Blog
added 2026/05/14 8:46 p.m. | 7 views

Marten has an injection vulnerability in its full-text search regConfig parameter

Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...

CVSS 9.8 | AI score 6.1 | EPSS 0.00375
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/05/14 7:58 p.m. | 7 views

CVE-2026-42032

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. This vulnerability...

CVSS 9.1 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 1