Lucene search
K

570 matches found

BDU FSTEC
BDU FSTEC
added yesterday25 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
NVD
NVD
added 4 days ago6 views

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS0.00646EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.7 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 3:13 p.m.6 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in PostgresSQL-15

Lack of authorization in the PostgreSQL CREATE STATISTICS command allows a table owner to perform denial of service against other users who also attempt to execute CREATE STATISTICS commands within the same schema. A subsequent execution of the CREATE STATISTICS command with the same name, by a...

3.1CVSS6AI score0.00222EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in PostgresSQL-15

Improper validation of the “oidvector” type in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out the possibility of attacks where confidential information is included in the disclosed bytes, but such attacks seem unlikely. Versions of PostgreSQL pri...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/24 12:1 p.m.8 views

libpq security update

An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpq package provides the PostgreSQL client library, which allows client...

8.8CVSS5.9AI score0.00668EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 8:17 p.m.4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS6AI score0.00324EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:24 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service...

7.5CVSS5.3AI score0.0077EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 8:2 a.m.7 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 12:18 p.m.11 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.7AI score0.00324EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

TencentOS Server 4: postgresql (TSSA-2026:0343)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0343 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References6
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: postgresql

Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...

8.8CVSS6.5AI score0.00464EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.17 views

RHEL 10 : osbuild-composer (RHSA-2026:22450)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22450 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

10CVSS5.7AI score0.01945EPSS
Exploits3References25
F5 Networks
F5 Networks
added 2026/06/04 6:35 a.m.22 views

K000161575: PostgreSQL vulnerability CVE-2022-1552

Security Advisory Description A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated...

8.8CVSS7.2AI score0.12403EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/27 7:38 p.m.15 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/21 11:53 a.m.13 views

CVE-2026-6474

A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. An attacker who has permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The...

8.8CVSS8AI score0.4644EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in PostgresSQL 11

An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...

4.3CVSS6.1AI score0.01187EPSS
Exploits2References2
Rows per page
Query Builder