JLSEC-2026-53

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

BIT-POSTGRESQL-2026-2003 PostgreSQL oidvector discloses a few bytes of memory

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

AZL-77643 CVE-2026-2006 affecting package rust 1.90.0-4

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

CVE-2025-64498 Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. Th...

CVE-2025-64117

CVE-2025-64117 affects Tuleap, where both Community Edition (pre-16.13.99.1761813675) and Enterprise Edition (pre-16.13-5 and pre-16.12-8) lack cross-site request forgery (CSRF) protection in SVN commit rules and immutable tags management. The root cause is missing CSRF protection in the affected...

Enalean Tuleap Community Edition和Enalean Tuleap Enterprise Edition 跨站请求伪造漏洞

Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are both an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A cross-site request forgery vulnerability exists in Enalean Tuleap Community Edition and...

Type confusion

In Foxit Quick PDF Library all versions prior to 16.12, issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access...

Type confusion

In Foxit Quick PDF Library all versions prior to 16.12, issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access...