7 matches found
JLSEC-2026-25
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such an extension. This affect...
EUVD-2020-6494
Malware in sbrugna...
CLSA-2025-1757523038 Fix CVE(s): CVE-2025-1735
SECURITY UPDATE: inadequate error checking in pgsql and pdo_pgsql escaping functions - debian/patches/CVE-2025-1735.patch: Add error checks for escape function in pgsql and pdo_pgsql extensions to prevent storing of improperly escaped data - CVE-2025-1735...
CLSA-2025-1753465703 php: Fix of 3 CVEs
CVE-2025-1220: error if host contains null bytes in the middle of the string - CVE-2025-6491: fix NULL pointer dereference vulnerability in soap - CVE-2025-1735: add error checks for escape function in pgsql and pdo_pgsql extensions...
Linux Distros Unpatched Vulnerability : CVE-2020-14350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this...
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such an extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
...
UBUNTU-CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such an extension. This affect...