84 matches found

RedhatCVE
added 2026/06/12 9:28 a.m. | 9 views

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the import_database_rules or import_roles_rules functions, this malicious code will be executed with superuse...

CVSS 7.5 | AI score 5.5 | EPSS 0.00247
Exploits: 1 | References: 2

NVD
added 2026/06/11 5:16 p.m. | 13 views

CVE-2026-11945

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules or import_roles_rules functions, the malicious code is executed with...

CVSS 7.5 | EPSS 0.00247
Exploits: 1 | References: 1

Vulnrichment
added 2026/06/11 3:53 p.m. | 8 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules or import_roles_rules functions, the malicious code is executed with...

CVSS 6.4 | AI score 5.5 | EPSS 0.00247
Exploits: 1 | References: 1

EUVD
added 2026/06/11 3:53 p.m. | 6 views

EUVD-2026-36266

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules or import_roles_rules functions, the malicious code is executed with...

CVSS 6.4 | AI score 5.5 | EPSS 0.00247
Exploits: 1 | References: 1

Cvelist
added 2026/06/11 3:53 p.m. | 30 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules or import_roles_rules functions, the malicious code is executed with...

CVSS 6.4 | EPSS 0.00247
Exploits: 1 | References: 1

CVE
added 2026/06/11 3:53 p.m. | 20 views

CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

CVSS 7.5 | AI score 5.6 | EPSS 0.00247
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/11 12:0 a.m. | 15 views

PT-2026-48676

Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer versions prior to 3.1.1. Description: An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...

CVSS 7.5 | AI score 5.5 | EPSS 0.00247
Exploits: 1 | References: 4

CNNVD
added 2026/06/11 12:0 a.m. | 11 views

PostgreSQL Anonymizer SQL injection vulnerability

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information (PII) or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...

CVSS 7.5 | AI score 5.7 | EPSS 0.00247
Exploits: 1 | References: 1

RedhatCVE
added 2026/06/06 6:43 p.m. | 11 views

CVE-2026-9617

A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...

CVSS 8.8 | AI score 5.3 | EPSS 0.0025
Exploits: 1 | References: 2

NVD
added 2026/05/27 2:17 p.m. | 17 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CVSS 8.8 | EPSS 0.0025
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/27 1:55 p.m. | 8 views

CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CVSS 6.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/27 1:55 p.m. | 8 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CVSS 6.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/27 1:55 p.m. | 41 views

CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CVSS 6.8 | EPSS 0.0025
Exploits: 1 | References: 1

EUVD
added 2026/05/27 1:55 p.m. | 6 views

EUVD-2026-32504

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CVSS 6.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 1

CVE
added 2026/05/27 1:55 p.m. | 27 views

CVE-2026-9617

CVE-2026-9617 — PostgreSQL Anonymizer: A vulnerability lets a user gain superuser privileges by creating a table and embedding malicious code in a column identifier, executed when a superuser runs the k_anonymity() function. Affected environment includes PostgreSQL Anonymizer extensions; higher r...

CVSS 8.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 14 views

PT-2026-43992

Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer versions prior to 3.1.0. Description: An issue allows a user to obtain superuser privileges by creating a table and embedding malicious code within a column identifier. When a superuser invokes the k-anonymity function, the...

CVSS 8.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 3

CNNVD
added 2026/05/27 12:0 a.m. | 6 views

PostgreSQL Anonymizer security vulnerability

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information (PII) or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...

CVSS 8.8 | AI score 6 | EPSS 0.0025
Exploits: 1 | References: 1

GithubExploit
added 2026/05/14 10:48 a.m. | 71 views

report-anonymizer

🛡️ Report Anonymizer Local LLM anonymizer for penetration-t...

AI score 5.8
Exploits: 0

Veracode
added 2026/04/13 6:51 a.m. | 6 views

Prototype Pollution

LangSmith is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete prototype pollution fix in its internally vendored lodash set utility, where the baseAssignValue function only guards against the `__proto__` key, but fails to prevent traversal via constructor.prototype, and...

CVSS 5.6 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/10 7:47 p.m. | 2 views

CVE-2026-40190 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. The baseAssignValue function only guards against the...

CVSS 5.6 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1