Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42867

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:18 p.m.7 views

CVE-2026-32687

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS6AI score0.00198EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/12 2:18 p.m.13 views

CVE-2026-32687

CVE-2026-32687 describes an SQL injection in elixir-ecto postgrex via Elixir.Postgrex.Notifications.listen/3 and unlisten/3. The channel argument is interpolated directly into LISTEN/UNLISTEN statements without escaping quotes, enabling an attacker who controls the channel name to inject arbitrar...

7.8CVSS6AI score0.00198EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder