12 matches found
Covert Timing Channel
Overview: Affected versions of this package are vulnerable to Covert Timing Channel via the authentication process. An attacker can recover user credentials by exploiting timing differences during MD5-hashed password comparison. This is only exploitable if the database contains MD5-hashed password...
UBUNTU-CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
Vulnerability in client (CVE-2026-6476)
PostgreSQL pg_createsubscriber allows SQL injection via subscription name. SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17...
AlmaLinux 9 : php:8.2 (ALSA-2026:1409)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping (CVE-2025-1735); php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
Remote-Local-Exploitation-Lab-
🔐 Remote & Local Exploitation Lab 📌 Objective Exploit a vu...
Exposure of Sensitive Information Through Metadata
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via optimizer statistics. An attacker can access sensitive sampled data by querying views, partitions, or child tables by crafting a leaky operator that bypasses view access control lis...
Important: libpq
Issue Overview: Time-of-check time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
@arpinum/postgres (>=4.0.0-beta12 <=4.0.0-beta14), appointmed-epr-template-common (>=0.0.46 <=0.0.65) +9 more potentially affected by CVE-2017-16082 via pg (>=6.2.2 <=6.2.3)
pg NPM version =6.2.2, =4.0.0-beta12, =0.0.46, =0.0.35, =0.13.3, =0.0.1, =0.0.1, =1.0.0, =1.0.3 - pg-promise-strict =0.3.4 - pgo =0.2.1 Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@emartech/me-psql-query-builder (>=1.0.0 <=1.1.0), @evocodes/parse-server (>=2.2.17 <=2.2.27) +50 more potentially affected by CVE-2017-16082 via pg (>=5.0.0 <=5.1.0)
pg NPM version =5.0.0, =1.0.0, =2.2.17, =0.9.28, =1.0.0, =0.4.0, =0.1.0, =0.0.2, =0.1.3, =0.2.30, =0.2.33 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@aliens-lyon.fr/ep_mypads (=1.7.24), @arpinum/postgres (>=1.0.0-beta <=4.0.0-beta11) +56 more potentially affected by CVE-2017-16082 via pg (>=6.1.0 <=6.1.5)
pg NPM version =6.1.0, =1.0.0-beta, =1.0.2, =0.0.1, =0.0.23, =0.1.1, =0.1.1, =0.0.2, =0.0.9, =1.6.5, =0.2.7, =1.0.2, =1.0.3 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@keyv/postgres (>=1.0.7 <=1.0.9), keyv-postgres (>=1.0.5 <=1.0.6) +2 more potentially affected by CVE-2017-16082 via pg (>=7.1.0 <=7.1.1)
pg NPM version =7.1.0, =1.0.7, =1.0.5, =0.0.1, =0.0.3 Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@starboard/models (>=2.0.0 <=3.0.1), @starboard/shared-backend (=3.0.0) +25 more potentially affected by CVE-2017-16082 via pg (>=6.0.0 <=6.0.4)
pg NPM version =6.0.0, =2.0.0, =0.6.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =2.0.2, =1.3.1, =0.0.1, =0.0.4, =0.1.0, =0.3.3 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...