13160 matches found
RHSA-2026:4059 Red Hat Security Advisory: postgresql:15 security update
RHSA-2026:4063 Red Hat Security Advisory: postgresql:16 security update
RHSA-2026:4024 Red Hat Security Advisory: postgresql:13 security update
postgresql:16 security update
An update is available for pgrepack, module.pgvector, pgaudit, module.postgis, postgis, pgvector, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base...
postgresql:16 security update
An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
PT-2026-24204
Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: A security issue exists due to the use of hard-coded credentials. This could lead to information disclosure and remote code execution when the SOCKS Proxy is enabled, and administrator...
Oracle Linux 8 : postgresql:15 (ELSA-2026-4059)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4059 advisory. - Fix CVE-2026-2004: PostgreSQL intarray missing validation of type of input - Fix CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow - Fix...
Schneider Electric EcoStruxure IT Data Center Expert Trust Management Issue Vulnerability
Schneider Electric EcoStruxure IT Data Center Expert is an extensible monitoring software developed by Schneider Electric, a French company. It is used to collect, organize, and distribute information about critical devices, providing a comprehensive view of the devices. Schneider Electric...
Oracle Linux 8 : postgresql:16 (ELSA-2026-4063)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4063 advisory. - Fix CVE-2026-2004: PostgreSQL intarray missing validation of type of input - Fix CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow - Fix...
Oracle Linux 9 : postgresql:16 (ELSA-2026-4110)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4110 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1...
Oracle Linux 8 : postgresql:13 (ELSA-2026-4024)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4024 advisory. - fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Resolves: RHEL-128818 CVE-2025-12818 - Fix CVE-2025-1094 - Fixes: CVE-2024-10976 CVE-2024-10978...
PT-2026-24651
Impact: An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
postgresql:12 security update
12.22-6.0.1 - Add backport of CVE-2025-8714 Orabug: 38667546 12.22-6 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 12.22-5 - Fix previous Backport 12.22-4 - Backport CVE-2025-8715 12.22-3 - Fix backport for CVE-2025-1094 12.22-2 - Backport fix for CVE-2025-1094 12.22-1 - Update to 12.22 - Fixes...
PT-2026-24635
Impact: An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
CVE-2026-25041
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...
CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...
EUVD-2026-10353
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...
CVE-2026-25041
CVE-2026-25041 affects Budibase where the PostgreSQL integration builds a shell command by interpolating user-provided config (host, database, password, etc.) into the dump command in packages/server/src/integrations/postgres.ts. This creates a command-injection risk via crafted configuration val...