13195 matches found
ROOT-OS-DEBIAN-11-CVE-2026-6473 CVE-2026-6473 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2026-6473 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-2005 CVE-2026-2005 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2026-2005 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-2004 CVE-2026-2004 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2026-2004 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-6477 CVE-2026-6477 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2026-6477 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-6479 CVE-2026-6479 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2026-6479 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
RLSA-2026:25030 Important: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...
postgresql-jdbc security update
An update is available for postgresql-jdbc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...
RockyLinux 8 : postgresql-jdbc (RLSA-2026:25030)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25030 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...
📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection
This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by PostgreSQL. ================================================================================================================================== | Title :...
PostgreSQL Anonymizer SQL注入漏洞
PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...
PT-2026-48676
Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.1 Description An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...
Oracle Linux 8 : postgresql-jdbc (ELSA-2026-25030)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-25030 advisory. 42.2.14-4 - Limit SCRAM PBKDF2 iterations to prevent DoS via malicious server - Resolves: CVE-2026-42198 Tenable has extracted the preceding description block...
RockyLinux 10 : postgresql-jdbc (RLSA-2026:24348)
The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:24348 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...
AlmaLinux 8 : postgresql-jdbc (ALSA-2026:25030)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25030 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...
OPENSUSE-SU-2026:11001-1 postgresql-jdbc-42.7.11-1.1 on GA media
These are all security issues fixed in the postgresql-jdbc-42.7.11-1.1 package on the GA media of openSUSE Tumbleweed...
openSUSE 16 Security Update : postgresql18 (openSUSE-SU-2026:20901-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20901-1 advisory. This update for postgresql18 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...
RHEL 8 : postgresql-jdbc (RHSA-2026:25030)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25030 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs...
Fedora 45 : junit5 / ongres-scram / ongres-stringprep / postgresql-jdbc (2026-ef76680eea)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-ef76680eea advisory. postgresql-jdbc update and CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
CVE-2026-20253
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...
CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...