CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13191 matches found

CVE•added 2026/04/29 3:58 p.m.•67 views

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

7.5CVSS5.3AI score0.00445EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/29 3:58 p.m.•0 views

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS5.3AI score0.00445EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/29 3:58 p.m.•26 views

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

7.5CVSS0.00445EPSS

Exploits0References2

Positive Technologies•added 2026/04/29 12:0 a.m.•0 views

PT-2026-35952

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.2.0 through 42.7.10 Description A client-side denial of service occurs during SCRAM-SHA-256 authentication. A malicious server can force the driver to execute SCRAM authentication using an excessively large iteration count,...

7.5CVSS5.9AI score0.00445EPSS

Exploits1References114

Redos•added 2026/04/29 12:0 a.m.•2 views

ROS-20260429-73-0012

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

Query Builder