Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the CREATE TYPE process. An attacker can execute arbitrary SQL functions of their choice by hijacking queries that use searchpath to locate user-defined types, including those defined by extensions. Remediation...

CVE-2026-6472

The CVE-2026-6472 entry concerns PostgreSQL: missing authorization in the CREATE TYPE path enables an object creator to hijack queries that rely on search_path to locate user-defined and extension-defined types. Affected versions include PostgreSQL 14.23, 15.18, 16.14, 17.10, and 18.4 prior relea...

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

PT-2026-40917

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Missing authorization in the CREATE TYPE command allows a...

JLSEC-2026-25

It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...

JLSEC-2026-24

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

CVE-2026-29089 TimescaleDB uses untrusted search path during extension upgrade

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...

RLSA-2023:5269 Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

CVE-2025-65411

A flaw was found in GNU Unrtf. This vulnerability, a NULL pointer dereference in the src/path.c component, allows an attacker to cause a Denial of Service DoS by injecting a specially crafted payload into the searchpath parameter. This can lead to the application becoming unresponsive or crashing...

CVE-2025-65411

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the searchpath parameter...

Linux Distros Unpatched Vulnerability : CVE-2025-65411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted payload...

[SECURITY] [DLA 4422-1] pgbouncer security update

Debian LTS Advisory DLA-4422-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson December 27, 2025 https://wiki.debian.org/LTS Package : pgbouncer Version : 1.15.0-1+deb11u2 CVE ID : CVE-2025-12819 Debian Bug : PgBouncer is a lightweight connection pooler for...

Linux Distros Unpatched Vulnerability : CVE-2025-12819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authenticati...

AZL-71249 CVE-2025-12819 affecting package pgbouncer for versions less than 1.25.1-1

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...

CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of searchpath restriction, an attacke...

PT-2025-33672 · Aiven · Aiven-Db-Migrate

Name of the Vulnerable Software and Affected Versions: aiven-db-migrate versions prior to 1.0.7 Description: aiven-db-migrate is a database migration tool. A privilege escalation issue exists that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrust...

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

Linux Distros Unpatched Vulnerability : CVE-2020-14350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this...

postgresql: schema_element defeats protective search_path changes

A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. It is used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of packages, standalone packages, and...