6 matches found
CVE-2026-29089 TimescaleDB uses untrusted search path during extension upgrade
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...
CVE-2026-29089 TimescaleDB uses untrusted search path during extension upgrade
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...
PT-2026-23731
Name of the Vulnerable Software and Affected Versions TimescaleDB versions 2.23.0 through 2.25.1 Description TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL’s use of the search path setting can allow a malicious user to create functions...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...