144 matches found
PT-2026-50814
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...
CVE-2026-44785
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...
CVE-2026-44785
CVE-2026-44785 affects Discourse. The vulnerability arises because the AI "explain" helper validates can_see? only on the post being explained, allowing an authenticated user with access to the AI helper to read the raw contents of a hidden parent post by invoking Explain on a reply to it. Affect...
EUVD-2026-36557
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...
CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...
PT-2026-48982
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...
SUSE CVE-2026-7814
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
GHSA-6P2C-69CV-3FXQ pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
EUVD-2026-29082
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814 pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814 pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814
Summary: CVE-2026-7814 is a stored XSS in pgAdmin 4’s Browser Tree and Explain Visualizer. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were inserted into the DOM via innerHTML, enabling crafted names with HTML markup to execute attacker-supplied JavaScript in a...
PT-2026-39624
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description A stored cross-site scripting XSS issue exists in the Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names, such as those for databases, schemas, tables, or columns,...
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...
OPENSUSE-SU-2026:20489-1 Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...
SUSE-SU-2026:21153-1 Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...
openSUSE Security Advisory (SUSE-SU-2026:1068-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18 Patch Instructions: To install this SUSE update use the SUSE recommended...