PT-2026-20926

Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56 Description RUCKUS Network Director RND OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...

PT-2026-20922

Name of the Vulnerable Software and Affected Versions Ruckus Network Director versions prior to 4.5.0.54 Description Ruckus Network Director RND contains hardcoded credentials for the PostgreSQL database user. By default, the PostgreSQL service is accessible over the network on TCP port 5432. An...

Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation

Command Injection via Unsanitized locate Output in versions — systeminformation Package: systeminformation npm Tested Version: 5.30.7 Affected Platform: Linux Author: Sebastian Hildebrandt Weekly Downloads: 5,000,000+ Repository: https://github.com/sebhildebrandt/systeminformation Severity: Mediu...

[R2] Security Center Version 6.8.0 Fixes Multiple Vulnerabilities

R2 Security Center Version 6.8.0 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/18/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components libssh, postgresql were found to contain vulnerabilities, and updated...

[SECURITY] Fedora 43 Update: pgadmin4-9.12-1.fc43

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

[SECURITY] Fedora 42 Update: pgadmin4-9.12-1.fc42

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

📄 Redash 25.8.0 Password Hash Extraction

This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...

PT-2026-20783

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...

Photon OS 5.0: Postgresql14 PHSA-2026-5.0-0762

An update of the postgresql14 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0762. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Mageia: Security Advisory (MGASA-2026-0041)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 5.0: Postgresql15 PHSA-2026-5.0-0762

An update of the postgresql15 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0762. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2026-2006 affecting package postgresql for versions less than 14.21-1

CVE-2026-2006 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-2004 affecting package postgresql for versions less than 14.21-1

CVE-2026-2004 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-2005 affecting package postgresql for versions less than 14.21-1

CVE-2026-2005 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-2003 affecting package postgresql for versions less than 14.21-1

CVE-2026-2003 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

BIT-POSTGRESQL-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

BIT-POSTGRESQL-2026-2006 PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

BIT-POSTGRESQL-2026-2005 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

BIT-POSTGRESQL-2026-2004 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

BIT-POSTGRESQL-2026-2003 PostgreSQL oidvector discloses a few bytes of memory

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...