Lucene search
K

1168 matches found

RedHat Linux
RedHat Linux
added 4 days ago3 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References5
NVD
NVD
added 6 days ago6 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-527 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.7AI score0.00301EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/06/28 12:1 a.m.7 views

libpq security update

An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpq package provides the PostgreSQL client library, which allows client...

3.7CVSS6.6AI score0.00616EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Oracle Linux 9 : postgresql:15 (ELSA-2026-28037)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28037 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new buil...

8.8CVSS7AI score0.00668EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Oracle Linux 9 : postgresql:16 (ELSA-2026-26203)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26203 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1...

8.8CVSS7AI score0.00668EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-47375

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

6CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:36 p.m.28 views

CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

6CVSS0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:36 p.m.6 views

CVE-2026-47375

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

6CVSS6AI score0.00215EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 8:36 p.m.20 views

CVE-2026-47375

CVE-2026-47375 (NocoDB) : A Postgres-backed deployment is vulnerable to authenticated SQL injection through the ARRAYSORT formula when a user with columnAdd permission supplies a malicious second argument. The issue arises because the attacker-controlled value is embedded into a knex.raw ORDER BY...

6CVSS6AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:40 p.m.5 views

CVE-2026-54310

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 12:1 p.m.4 views

RLSA-2026:28143 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/16 5:51 p.m.6 views

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

9.9CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50176

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...

9.9CVSS6.2AI score0.00394EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:48 p.m.10 views

Malicious code in workflow-postgres-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19848a1b4a7188ada5866c459ec2b966b9aa6ba1d23e3c25b1f54939e6a6b963 The package advertises itself as a Postgres/workflow setup helper but ships no library code — the declared main entry index.js is absent from the...

5.4AI score
Exploits0References1
Atlassian
Atlassian
added 2026/06/12 5:45 p.m.8 views

DoS (Denial of Service) org.postgresql:postgresql Dependency in Bamboo Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.2.9, 10.2.10, 10.2.11, 10.2.12, 10.2.13, 10.2.14, 10.2.15, 10.2.16, 10.2.18, and 10.2.19 of Bamboo Data Center. This DoS Denial of Service...

5.2AI score
Exploits0
EUVD
EUVD
added 2026/06/11 8:33 p.m.15 views

EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/11 8:33 p.m.15 views

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References5Affected Software11
Cvelist
Cvelist
added 2026/06/11 3:53 p.m.36 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS0.00247EPSS
Exploits1References1
Rows per page
Query Builder