CVE-2026-46445

SOGo before 5.12.7 that uses PostgreSQL is vulnerable to SQL injection (CVE-2026-46445). The CVE description identifies affected software as SOGo prior to 5.12.7 and notes a PostgreSQL-related SQL injection path. The provided metrics indicate a HIGH severity (CVSS 3.1: AV:N/AC:H/PR:L/UI:N/S:U/C:H...

EUVD-2026-30212

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4 and 17.10 contained an SQL...

PostgreSQL 格式化字符串错误漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

PT-2026-40917

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Missing authorization in the CREATE TYPE command allows a...

PT-2026-40933

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...

PT-2026-41160

Name of the Vulnerable Software and Affected Versions Marten versions prior to 8.36.1 Description Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...

SOGo SQL注入漏洞

SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

Linux Distros Unpatched Vulnerability : CVE-2026-6473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write...

Linux Distros Unpatched Vulnerability : CVE-2026-6575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one...

Linux Distros Unpatched Vulnerability : CVE-2026-6475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc,...

Linux Distros Unpatched Vulnerability : CVE-2026-6474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones...

Linux Distros Unpatched Vulnerability : CVE-2026-6637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack buffer overflow in PostgreSQL module refint allows an unprivileged database user to execute arbitrary code as the operating system user running the...

Vulnerability in core server (CVE-2026-6479)

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do t...

Vulnerability in core server (CVE-2026-6575)

PostgreSQL pgrestoreattributestats accepts values that cause query planning to read past end of stats array Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table...

PT-2026-39898

Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.16 Description Improper input handling in the JSON-path compiler allows attackers to access sensitive JSON data. The software fails to escape JSON-path metacharacters such as ., , , , , and ?, only doubling single...

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability could allow authenticated users to inject arbitrary commands in the psql copy command, enabling executio...

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017503 advisory. A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to creat...

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017787 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Tenable ha...

pgx SQL注入漏洞

pgx is a PostgreSQL driver and toolkit for Go language. Versions of pgx prior to 5.9.2 have a SQL injection vulnerability. This vulnerability occurs when using a non-default simple protocol; placeholders in dollar quotation string literals may be misinterpreted incorrectly, leading to SQL injecti...