CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

BIT-JAVA-MIN-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

PT-2026-37903

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

PT-2026-37907

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

EUVD-2025-24628

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-17664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before...

CVE-2025-20970

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege...

PT-2025-16126 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: Processing a file may lead to a denial-of-service or potentially disclose memory contents. The issue was addressed with improved checks. Recommendations: For versions prior to 14, update to macOS 14 to...

CVE-2025-32017

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...

Next.js 14.x < 14.2.25 Authorization Bypass

The version of Next.js installed on the remote host is 11.1.4 prior to 12.3.5, 13.0.x prior to 13.5.9, 14.x prior to 14.2.25 or 15.x prior to 15.2.3. It is, therefore, affected by Authorization Bypass if the authorization check occurs in middleware. Note that the scanner has not attempted to...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.17: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVE-2025-20897

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder...

RHSA-2023:1742 Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Bulletin has no description...

PostgreSQL 12.x < 12.20 / 13.x < 13.16 / 14.x < 14.13 / 15.x < 15.8 / 16.x 16.4 SQL Injection<

The version of PostgreSQL installed on the remote host is 12 prior to 12.20, 13 prior to 13.16, 14 prior to 14.13, 15 prior to 15.8, or 16 prior to 16.4. As such, it is potentially affected by a vulnerability : - Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an...

PostgreSQL TOCTOU Vulnerability (Aug 2024) - Windows

PostgreSQL is prone to a time-of-check time-of-use TOCTOU race condition vulnerability in pgdump. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Linux

PostgreSQL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE-SU-2024:0552-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.11: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

PostgreSQL 12.x < 12.18 / 13.x < 13.14 / 14.x < 14.11 / 15.x < 15.6 SQL Injection

The version of PostgreSQL installed on the remote host is 12 prior to 12.18, 13 prior to 13.14, 14 prior to 14.11, or 15 prior to 15.6. It is, therefore, affected by following vulnerability: - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...

PostgreSQL 12.x < 12.18, 13.x < 13.14, 14.x < 14.11, 15.x < 15.6, 16.x < 16.1 Privilege Escalation Vulnerability - Linux

PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PostgreSQL 12.x < 12.18, 13.x < 13.14, 14.x < 14.11, 15.x < 15.6, 16.x < 16.1 Privilege Escalation Vulnerability - Windows

PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...