Lucene search
+L

512 matches found

BDU FSTEC
BDU FSTEC
added yesterday28 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
OSV
OSV
added 2026/07/09 11:49 p.m.4 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS6.1AI score0.00646EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 1:59 p.m.13 views

Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

5.9AI score
Exploits0References22
OSV
OSV
added 2026/07/07 1:59 p.m.7 views

MAL-2026-6922 Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

6.1AI score
Exploits0References22
OSV
OSV
added 2026/07/02 5:42 p.m.5 views

GHSA-PMCH-G965-GRMR Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.6 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/07/01 6:1 a.m.6 views

ruby:3.3 security update

An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

7.6CVSS6AI score0.00813EPSS
Exploits0
Fedora
Fedora
added 2026/06/28 12:58 a.m.8 views

[SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

9.5CVSS5.8AI score0.0071EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

Oracle Linux 9 : postgresql:15 (ELSA-2026-28037)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28037 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new buil...

8.8CVSS7AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 6:5 a.m.9 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS6AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 8:2 a.m.9 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.6AI score0.00324EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:11 a.m.10 views

Malicious code in @mastra/pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a70008c61b1e4ef205086d9fbbeb0435c8cee10e414626617fec6b946d45c84 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.6 views

MAL-2026-5959 Malicious code in @mastra/pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a70008c61b1e4ef205086d9fbbeb0435c8cee10e414626617fec6b946d45c84 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 1:13 p.m.4 views

CLEANSTART-2026-BE05060 Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-39821, CVE-2026-42502, CVE-2026-42506 applied in versions: 1.29.1-r0

Multiple security vulnerabilities affect the cloudnative-pg package. These issues are resolved in later releases. See references for individual vulnerability details...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.13 views

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 7:27 p.m.10 views

CVE-2026-6475

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 3:46 p.m.29 views

CVE-2026-44477

CVE-2026-44477 affects CloudNativePG prior to 1.29.1 and 1.28.3. The metrics exporter opens a PostgreSQL connection as the superuser and demotes to pg_monitor with SET ROLE, but the session_user remains postgres. Any SQL in the scrape session can call RESET ROLE to recover superuser privileges, t...

9.9CVSS5.9AI score0.0048EPSS
Exploits0References5Affected Software1
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.28 views

ruby:4.0 security update

An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

9.1CVSS6.7AI score0.01131EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/05/26 12:0 a.m.27 views

ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171247 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves: rhbz1842476 rubygem-mysql2 0.5.5-1 - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg 1.5.4-1 - Upgrade to pg 1.5.4...

8.1CVSS6.3AI score0.01131EPSS
Exploits0
Rows per page
Query Builder