Lucene search
K

144 matches found

CVE
CVE
added 5 hours ago8 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 5 hours ago4 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score
Exploits0References4
OSV
OSV
added 2026/06/16 11:48 a.m.3 views

BIT-MONGODB-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 10:17 p.m.41 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:17 p.m.10 views

Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/19 1:51 a.m.25 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

7.5CVSS5.7AI score0.00356EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:3 a.m.10 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

9.8CVSS5.8AI score0.00356EPSS
Exploits0
NVD
NVD
added 2026/05/08 5:16 p.m.22 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS0.00356EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/08 5:16 p.m.9 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:53 p.m.6 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS5.7AI score0.00356EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/08 3:53 p.m.22 views

CVE-2026-41889

CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:53 p.m.8 views

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS5.7AI score0.00356EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:53 p.m.20 views

EUVD-2026-28805

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS5.7AI score0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:53 p.m.53 views

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS0.00356EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-41889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/22 8:46 p.m.7 views

SQL Injection

Overview github.com/jackc/pgx/v5 is a pure Go driver and toolkit for PostgreSQL Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted...

9.8CVSS6.3AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:46 p.m.5 views

SQL Injection

Overview github.com/jackc/pgx/v5/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...

9.8CVSS6.3AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:46 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted as a placeholder within a dollar quoted string literal. Note: This is...

9.8CVSS6.1AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:46 p.m.3 views

SQL Injection

Overview github.com/jackc/pgx/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...

9.8CVSS6.3AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder