RockyLinux 8 : postgresql:16 (RLSA-2026:4063)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4063 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

RHEL 8 : postgresql:12 (RHSA-2026:4075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4075 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...

RHEL 8 : postgresql:16 (RHSA-2026:4063)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4063 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...

ALSA-2026:4024 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

RockyLinux 8 : postgresql:12 (RLSA-2026:4064)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4064 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

RockyLinux 9 : postgresql:16 (RLSA-2026:4110)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4110 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

RHEL 9 : postgresql:16 (RHSA-2026:4110)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4110 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVE-2026-30860

CVE-2026-30860 affects WeKnora prior to version 0.2.12. The issue is in the database query validation where PostgreSQL array/row expressions allow smuggling dangerous functions, bypassing SQL injection protections and enabling unauthenticated arbitrary code execution on the database server with d...

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

[SECURITY] Fedora 44 Update: pgadmin4-9.12-2.fc44

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

Fedora 44 : postgresql16-anonymizer (2026-1ace5758de)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1ace5758de advisory. Updated to newest version fixing CVEs found in the previous one Tenable has extracted the preceding description block directly from the Fedora...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection inadequate recursive validation of PostgreSQL array and row expressions in the validateNode function. An attacker can execute arbitrary SQL functions and achieve code execution on the database server by crafting malicious...

GHSA-8W32-6MRW-Q5WV WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...

CVE-2026-29089

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...

OESA-2026-1531 postgresql-17 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...