7089 matches found

Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

SUSE SLES15 Security Update : postgresql15 (SUSE-SU-2026:0770-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0770-1 advisory. Update to version 15.17 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow...

CVSS 8.8 | AI score 6.4 | EPSS 0.0007
Exploits: 3 | References: 14

IBM Security Bulletins
added 2026/03/03 3:34 p.m. | 5 views

Security Bulletin: EDB PostgreSQL - CVE-2023-39417

Summary: An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...

CVSS 8.8 | AI score 6.2 | EPSS 0.00665
Exploits: 0 | Affected Software: 1

SUSE Linux
added 2026/03/03 2:47 p.m. | 3 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...

CVSS 8.8 | AI score 6.5 | EPSS 0.0007
Exploits: 3 | References: 18

Chainguard
added 2026/03/03 7:17 a.m. | 1 views

GHSA-MQ5V-X68W-MC4F vulnerabilities

Vulnerabilities for packages: postgresql...

AI score 5.9
Exploits: 0

Chainguard
added 2026/03/03 7:17 a.m. | 1 views

GHSA-HGMP-6HMC-PRFC vulnerabilities

Vulnerabilities for packages: postgresql...

AI score 5.9
Exploits: 0

OSV
added 2026/03/02 8:51 a.m. | 5 views

BIT-SUPERSET-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/26 3:56 p.m. | 8 views

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

AI score 5.7
Exploits: 0 | References: 4 | Affected Software: 1

Wolfi
added 2026/02/26 7:48 a.m. | 4 views

CVE-2026-2006 vulnerabilities

Vulnerabilities for packages: postgresql...

CVSS 8.8 | AI score 5.3 | EPSS 0.00046
Exploits: 0

Wolfi
added 2026/02/26 7:48 a.m. | 5 views

CVE-2026-2004 vulnerabilities

Vulnerabilities for packages: postgresql...

CVSS 8.8 | AI score 5.3 | EPSS 0.0007
Exploits: 0

Chainguard
added 2026/02/26 7:31 a.m. | 4 views

CVE-2026-2006 vulnerabilities

Vulnerabilities for packages: postgresql...

CVSS 8.8 | AI score 5.3 | EPSS 0.00046
Exploits: 0

Chainguard
added 2026/02/26 7:31 a.m. | 3 views

CVE-2026-2004 vulnerabilities

Vulnerabilities for packages: postgresql...

CVSS 8.8 | AI score 5.3 | EPSS 0.0007
Exploits: 0

RedhatCVE
added 2026/02/25 4:16 p.m. | 3 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 1

GithubExploit
added 2026/02/24 4:20 p.m. | 127 views

Secure-auth-api

🔐 Secure Auth API — Built → Broken → Fixed A hands-on securit...

AI score 5.9
Exploits: 0

Snyk
added 2026/02/24 3:26 p.m. | 4 views

Incorrect Authorization

Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization in the PostgreSQL database connection for SQLLab. An attacker can perform unauthorized data modification by submitting speciall...

CVSS 7.1 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 2

OSV
added 2026/02/24 3:16 p.m. | 1 views

SUSE-SU-2026:0616-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

CVSS 8.8 | AI score 6.4 | EPSS 0.0007
Exploits: 3 | References: 9

CVE
added 2026/02/24 12:51 p.m. | 22 views

CVE-2026-23984

CVE-2026-23984 affects Apache Superset prior to 6.0.0. An authenticated user with SQLLab access can bypass the read-only verification for PostgreSQL connections, enabling crafted statements to evade the existing DML blocks. This could allow execution of data manipulation operations that should be...

CVSS 7.1 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

CBLMariner
added 2026/02/24 1:8 a.m. | 3 views

CVE-2026-2004 affecting package postgresql for versions less than 16.12-1

CVE-2026-2004 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8 | AI score 5.4 | EPSS 0.0007
Exploits: 0

CBLMariner
added 2026/02/24 1:8 a.m. | 4 views

CVE-2026-2003 affecting package postgresql for versions less than 16.12-1

CVE-2026-2003 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.3 | AI score 5.4 | EPSS 0.00025
Exploits: 0

CBLMariner
added 2026/02/24 1:8 a.m. | 5 views

CVE-2026-2005 affecting package postgresql for versions less than 16.12-1

CVE-2026-2005 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8 | AI score 5.4 | EPSS 0.00034
Exploits: 3

CNNVD
added 2026/02/24 12:0 a.m. | 4 views

Apache Superset Security Vulnerability

Apache Superset is a modern big data exploration and visualization platform from the Apache Foundation that allows users to easily and quickly build dashboards using a simple no-code visualization builder and a state-of-the-art SQL editor. Apache Superset has an input validation vulnerability in...

CVSS 7.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2