PT-2026-7633

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.0.1 Description The software contains a flaw that could allow a user to obtain superuser privileges. This is achieved by creating a custom operator within the public schema and embedding malicious code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005346)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005346 advisory. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005344 advisory. Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005334 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...

OPENSUSE-SU-2026:20193-1 Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc

This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues: Changes in orthanc: - dcmtk 370 breaks TW...

php: pgsql extension does not check for errors during escaping

A flaw was found in PHP. Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer dereferences...

GHSA-3C6G-7V4G-5XCM vulnerabilities

Vulnerabilities for packages: postgresql...

CVE-2024-7348 vulnerabilities

Vulnerabilities for packages: postgresql...

Exploit for Command Injection in Veeam Veeam_Backup_\&_Replication

Affected Software: PostgreSQL 15.x before 15.7, 16.x before 16...

CVE-2026-25544

Payload CMS (free/open-source headless CMS) prior to v3.73.0 is vulnerable to blind SQL injection in JSON and richText queries when using PostgreSQL/SQLite adapters. User input is embedded into SQL without escaping, enabling unauthenticated data disclosure (emails, password reset tokens) and full...

CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...

CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...

CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...

[SECURITY] Fedora 42 Update: pgadmin4-9.11-3.fc42

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

Authorization Bypass Through User-Controlled Key

Overview payload is a Node, React and MongoDB Headless CMS and Application Framework Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the auth collections in multi-auth collection environments using Postgres or SQLite with serial or...

payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)

Impact A cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and...

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +8 more potentially affected by CVE-2026-25544 via @payloadcms/db-postgres (>=3.0.0-alpha.46 <=3.61.0)

@payloadcms/db-postgres NPM version =3.0.0-alpha.46, =0.0.6, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 - npm-payload-test =2.6.4 - payload-auth-plugin =0.7.5 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBPOSTGRES-15240187...

GHSA-XX6W-JXG9-2WH8 @payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...