
504 matches found

OSV
added 2026/05/18 7:48 a.m. | 8 views

SUSE-SU-2026:1945-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

CVSS 8.8 | AI score 6.1 | EPSS 0.00668
Exploits 0 | References 24
EUVD
added 2026/05/14 1:0 p.m. | 11 views

EUVD-2026-30286

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits 0 | References 1
CVE
added 2026/05/14 1:0 p.m. | 29 views

CVE-2026-6476

CVE-2026-6476 describes a SQL injection in PostgreSQL pg_createsubscriber. An attacker with pg_create_subscription rights can execute arbitrary SQL as a superuser when pg_createsubscriber runs next. Affected are major versions 17 and 18, with minor versions before PostgreSQL 18.4 and 17.10; versi...

CVSS 7.2 | AI score 6.1 | EPSS 0.00287
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/05/14 1:0 p.m. | 37 views

CVE-2026-6475

Summary (CVE-2026-6475) : PostgreSQL suffers a symlink-following issue in the pg_basebackup plain format and in pg_rewind. An origin superuser can overwrite local files (for example, /var/lib/postgres/.bashrc), which could later be trusted when the server starts due to features like shared_preloa...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits 0 | References 1 | Affected Software 1
Debian CVE
added 2026/05/14 1:0 p.m. | 8 views

CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits 0
CNNVD
added 2026/05/14 12:0 a.m. | 12 views

PostgreSQL SQL injection vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4 and 17.10 contained an SQL...

CVSS 7.2 | AI score 6.1 | EPSS 0.00287
Exploits 0 | References 1
PostgreSQL
added 2026/05/14 12:0 a.m. | 20 views

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory. Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export, lo_read, lo_lseek64, and lo_tell64 functions allows the server superuser to overwrite a client stack buffer with an...

CVSS 8.8 | AI score 6.1 | EPSS 0.00464
Exploits 0 | References 1 | Affected Software 1
Snyk
added 2026/05/11 3:59 p.m. | 6 views

Privilege Dropping / Lowering Errors

Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...

CVSS 9.9 | AI score 6.7 | EPSS 0.0048
Exploits 0 | References 3
GitHub Security Blog
added 2026/05/11 3:59 p.m. | 12 views

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Impact: The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. That residual superuser identity is the foothold fo...

CVSS 9.9 | AI score 6.1 | EPSS 0.0048
Exploits 0 | References 6 | Affected Software 1
Chainguard
added 2026/05/06 7:17 p.m. | 13 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: src, argo-workflows-fips, steampipe, seaweedfs-fips, step-issuer, hydra, kube-bench-fips, kots, jitsucom-bulker, spicedb, gitlab-kas, sqlexporter-fips, chainloop-control-plane, seaweedfs-rocksdb-fips, authentik-fips, step-ca-fips, sftpgo-plugin-eventsearch, keda-fips...

CVSS 9.8 | AI score 5.9 | EPSS 0.00356
Exploits 0
Wolfi
added 2026/04/17 8:0 p.m. | 17 views

GHSA-9JJ7-4M8R-RFCM vulnerabilities

Vulnerabilities for packages: kots, k3s, envoy-gateway, kine, spire-server...

AI score 5.9
Exploits 0
Wolfi
added 2026/04/17 8:0 p.m. | 9 views

CVE-2026-33816 vulnerabilities

Vulnerabilities for packages: kots, k3s, envoy-gateway, kine, spire-server...

CVSS 9.8 | AI score 5.9 | EPSS 0.00561
Exploits 0
Chainguard
added 2026/04/17 7:17 p.m. | 6 views

GHSA-9JJ7-4M8R-RFCM vulnerabilities

Vulnerabilities for packages: kots, commercial-chainloop-backend, k3s, spire-server, kine, commercial-expanso-edge, envoy-gateway, envoy-gateway-fips...

AI score 5.9
Exploits 0
Chainguard
added 2026/04/17 7:17 p.m. | 21 views

CVE-2026-33816 vulnerabilities

Vulnerabilities for packages: kots, commercial-chainloop-backend, k3s, spire-server, kine, commercial-expanso-edge, envoy-gateway, envoy-gateway-fips...

CVSS 9.8 | AI score 5.9 | EPSS 0.00561
Exploits 0
Wolfi
added 2026/04/11 2:51 a.m. | 9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: cilium-envoy, grafana-mimir, aactl, cluster-autoscaler, kyverno-policy-reporter-ui, envoy-gateway, amazon-cloudwatch-agent-operator, rancher-machine, seaweedfs, spegel, step-ca, falco-exporter, cert-manager-csi-driver, kubernetes-csi-node-driver-registrar, telegraf,...

AI score 5.9
Exploits 0
OSV
added 2026/04/03 1:27 p.m. | 6 views

JLSEC-2026-37

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS 8.8 | AI score 7.4 | EPSS 0.12403
Exploits 0 | References 12
OSV
added 2026/04/01 9:31 a.m. | 3 views

CLEANSTART-2026-PV93827 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.25.4-r0, 1.25.4-r1, 1.25.4-r2

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits 6 | References 35
OSV
added 2026/04/01 9:31 a.m. | 10 views

CLEANSTART-2026-TS54009 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.27.3-r0, 1.27.3-r1

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1 | AI score 6.9 | EPSS 0.01557
Exploits 4 | References 19
OSV
added 2026/04/01 9:31 a.m. | 7 views

CLEANSTART-2026-LI47669 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.26.2-r0, 1.26.3-r0, 1.26.3-r1

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1 | AI score 6.9 | EPSS 0.01557
Exploits 4 | References 19
OSV
added 2026/04/01 9:31 a.m. | 7 views

CLEANSTART-2026-NC32267 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.28.1-r0, 1.28.1-r1

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1 | AI score 6.9 | EPSS 0.01557
Exploits 4 | References 19