11 matches found
GHSA-MWF2-QR4V-94H2 Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...
CVE-2026-23984
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...
EUVD-2026-8475
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...
PT-2026-21682
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 6.0.0. Description: An issue exists in Apache Superset where an authenticated user with SQLLab access can bypass the read-only verification check when using a PostgreSQL database connection. The system does not...
PostgreSQL Connection and Authorization Information
Article Applicability: This article provides general information regarding PostgreSQL configuration and connectivity. The details are based on and tested exclusively with Windows-based PostgreSQL instances installed by Veeam products such as Veeam Backup & Replication, Veeam ONE, and Veeam Backup...
EUVD-2018-2970
Malware in sbrugna...
How to Install and Configure PgBouncer for Veeam Backup for Microsoft 365
PgBouncer must not be deployed on the machine where Veeam Backup for Microsoft 365 is installed. This article is intended only for deployments where the PostgreSQL Instance used by Veeam Backup for Microsoft 365 is hosted on its own dedicated server. For deployments of Veeam Backup for Microsoft...
CVE-2025-53006
DataEase before version 2.10.11 is vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...
[SECURITY] Fedora 42 Update: pgbouncer-1.24.1-2.fc42
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
Denial Of Service (DoS)
github.com/jackc/pgx is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of robust error handling, with Pipeline panicking when the PgConn PostgreSQL connection is busy or closed, which can result in potential instability and crashes in applications using Pipeline for database...
DBTools' DBManager Information Leak Vulnerability
Centaura Technologies Security Research Lab Advisory. Product Name: DBTools DBManager Professional; Systems: Windows 9x/NT/2000/2003 Server; Severity: Medium; Remote: No; Category: Information Leak; Vendor URL: http://www.dbtools.com.br; Advisory Author: Ignacio Vazquez; Advisory URL:...