CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

CVE-2026-32950

CVE-2026-32950 affects SQLBot prior to 1.7.0, where an authenticated user can trigger a critical SQL Injection in the /api/v1/datasource/uploadExcel endpoint. The root cause is unsanitized Excel sheet names concatenated into PostgreSQL table names and embedded into COPY statements via f-strings i...

CVE-2026-32950 SQLBot: RCE via SQL Injection in Excel Upload Endpoint

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

SUSE CVE-2026-4427

Duplicate of CVE-2026-32286...

SQLBot SQL注入漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.7.0 contained a SQL injection vulnerability. This vulnerability occurred due to the direct concatenation of Excel worksheet names into PostgreSQL table name...

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

EUVD-2026-13115

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

UBUNTU-CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

CVE-2026-4427

Duplicate of CVE-2026-32286...

CVE-2026-4427

Removed by vendor...

CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

Amazon Linux 2 : postgresql, --advisory ALAS2-2026-3193 (ALAS-2026-3193)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3193 advisory. Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user...

编号撤回

pgproto3 is a PostgreSQL protocol encoding library developed by Jack Christensen. This CVE number has been withdrawn...

Important: postgresql

Issue Overview: Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. CVE-2026-2005 Affected Packages: postgresql Note: This...

SUSE-SU-2026:20906-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

OPENSUSE-SU-2026:20388-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...