144 matches found
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225
This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
BIT-MONGODB-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
Metadata name collision on $-prefixed fields causes post-auth server crash
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
SUSE CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
pgx: SQL Injection via placeholder confusion with dollar quoted string literals
...
CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
CVE-2026-41889
CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
EUVD-2026-28805
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...
Linux Distros Unpatched Vulnerability : CVE-2026-41889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted...
SQL Injection
Overview github.com/jackc/pgx/v5 is a pure Go driver and toolkit for PostgreSQL Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted...
SQL Injection
Overview github.com/jackc/pgx/v5/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted as a placeholder within a dollar quoted string literal. Note: This is...
SQL Injection
Overview github.com/jackc/pgx/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...