Astra Linux – Vulnerability in PostgresSQL 11

A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption...

Astra Linux – Vulnerability in libpgjava

The PostgreSQL JDBC Driver also known as PgJDBC prior to version 42.2.13 allowed XXE...

Astra Linux – Vulnerability in libpgjava

pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable when an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...

Astra Linux – Vulnerability in PostgresSQL 11

The use of server error messages by clients in PostgreSQL allows a server that is not trusted under current SSL or GSS settings to send arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message claiming that a human user or someone...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL. By using an INSERT...ON CONFLICT...DO UPDATE command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is to data confidentiality...

Astra Linux – Vulnerability in PostgresSQL 11

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, providing invalid parameters to the parameterized query may cause PHP to attempt to free memory by using uninitialized data as pointers. This could lead to a RCE vulnerabilit...

Astra Linux – Vulnerability in PostgresSQL 11

Incomplete tracking of tables with row security in PostgreSQL allows a reused query to view or modify different rows than intended. CVE-2023-2455 and CVE-2016-2193 addressed most issues related to interactions between row security and changes to user IDs. However, they did not cover cases where a...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL versions prior to 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22. When modifying certain SQL array values, missing bounds checks allow authenticated database users to write arbitrary bytes into a wide range of server memory. The greatest threa...

Astra Linux – Vulnerability in PostgresSQL 11

Incorrect privilege assignments in PostgreSQL allow a less-privileged application user to view or modify rows that were not intended for them. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. The problem arises when an application query uses...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL. By using an UPDATE...RETURNING command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is data confidentiality...

Exploit for CVE-2026-42167

CVE-2026-42167 Master Exploit Tool A professional security re...

Exploit for CVE-2026-42167

\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...

BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

GHSA-CG4X-64P3-X59H CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

xsslab

Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...

Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS

Summary Vulnerabilities in PostgreSQL could allow an attacker to cause a denial of service CVE-2025-4207, read sensitive data CVE-2025-8713, or inject arbitrary code CVE-2025-8714, CVE-2025-8715. PowerVM VIOS uses PostgreSQL as part of Shared Storage Pools SSP and for internal administration...

Allocation of Resources Without Limits or Throttling

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the client-side SCRAM-SHA-256 authentication. An attacker can cause excessive CPU consumptio...

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...