PT-2026-37219

Name of the Vulnerable Software and Affected Versions SQLBot versions prior to 1.7.1 Description The Text2SQL chat interface is susceptible to prompt injection. The question parameter is concatenated into the Large Language Model LLM prompt without filtering or escaping, and the resulting SQL is...

Exploit for Heap-based Buffer Overflow in Postgresql

CVE-2026-2005 — PostgreSQL pgcrypto Heap Overflow Lab A self-...

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security...

Exploit for CVE-2026-42167

CVE-2026-42167 Master Exploit Tool A professional security re...

Exploit for CVE-2026-42167

\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...

BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

GHSA-CG4X-64P3-X59H CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

xsslab

Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...

Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS

Summary Vulnerabilities in PostgreSQL could allow an attacker to cause a denial of service CVE-2025-4207, read sensitive data CVE-2025-8713, or inject arbitrary code CVE-2025-8714, CVE-2025-8715. PowerVM VIOS uses PostgreSQL as part of Shared Storage Pools SSP and for internal administration...

Allocation of Resources Without Limits or Throttling

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the client-side SCRAM-SHA-256 authentication. An attacker can cause excessive CPU consumptio...

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

ROS-20260429-73-0003

A vulnerability in the PostgreSQL database management system's oidvector data type handling function is related to reading beyond memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to expose server memory bytes and gain access to sensitive informat...

ROS-20260429-73-0006

A vulnerability in the PostgreSQL database management system's oidvector data type handling function is related to reading beyond memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to expose server memory bytes and gain access to sensitive informat...

ROS-20260429-73-0035

A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of a specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...

ROS-20260429-73-0036

A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...

ROS-20260429-73-0039

A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...

ROS-20260429-73-0011

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

ROS-20260429-73-0008

A vulnerability in the PostgreSQL database management system's oidvector data type handling function is related to reading beyond memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to expose server memory bytes and gain access to sensitive informat...