CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2026/05/14 2:16 p.m.•6 views

CVE-2026-6575

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...

4.3CVSS5.8AI score0.00208EPSS

OSV•added 2026/05/14 2:16 p.m.•5 views

UBUNTU-CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6.1AI score0.00187EPSS

5.4CVSS6.1AI score0.00159EPSS

UBUNTU-CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

OSV•added 2026/05/14 2:16 p.m.•4 views

UBUNTU-CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.8AI score0.00471EPSS

UbuntuCve•added 2026/05/14 2:16 p.m.•20 views

CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.8AI score0.00324EPSS

UbuntuCve•added 2026/05/14 2:16 p.m.•6 views

CVE-2026-6479

7.5CVSS5.8AI score0.00471EPSS

OSV•added 2026/05/14 2:16 p.m.•1 views

UBUNTU-CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00284EPSS

OSV•added 2026/05/14 2:16 p.m.•3 views

UBUNTU-CVE-2026-6473

8.8CVSS6.2AI score0.004EPSS

8.8CVSS5.8AI score0.00324EPSS

UBUNTU-CVE-2026-6475

8.8CVSS6.4AI score0.00378EPSS

UBUNTU-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

6.5CVSS5.8AI score0.00238EPSS

UBUNTU-CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

OSV•added 2026/05/14 2:16 p.m.•3 views

UBUNTU-CVE-2026-6575

4.3CVSS5.8AI score0.00208EPSS