Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: postgresql Clear
ID Title
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-6638 SQL Injection in postgresql (CVE-2026-6638)
SQL injection in postgresql (CVE-2026-6638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6476 SQL Injection in postgresql (CVE-2026-6476)
SQL injection in postgresql (CVE-2026-6476). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.10.0, 18.4.0` or later.
CVE-2026-6472 Vulnerability in postgresql (CVE-2026-6472)
vulnerability in postgresql (CVE-2026-6472). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6473 Vulnerability in postgresql (CVE-2026-6473)
vulnerability in postgresql (CVE-2026-6473). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6479 Vulnerability in postgresql (CVE-2026-6479)
vulnerability in postgresql (CVE-2026-6479). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6478 Vulnerability in postgresql (CVE-2026-6478)
vulnerability in postgresql (CVE-2026-6478). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6474 Vulnerability in postgresql (CVE-2026-6474)
vulnerability in postgresql (CVE-2026-6474). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6475 Vulnerability in postgresql (CVE-2026-6475)
vulnerability in postgresql (CVE-2026-6475). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6477 Vulnerability in postgresql (CVE-2026-6477)
vulnerability in postgresql (CVE-2026-6477). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6637 SQL Injection in postgresql (CVE-2026-6637)
SQL injection in postgresql (CVE-2026-6637). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6575 Vulnerability in postgresql (CVE-2026-6575)
vulnerability in postgresql (CVE-2026-6575). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.4.0` or later.
CVE-2026-46445 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46446 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
CVE-2026-38428 SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
CVE-2026-42198 Vulnerability in dos (CVE-2026-42198)
vulnerability in dos (CVE-2026-42198). Risk of unauthorized operations or information disclosure.
CVE-2026-2007 Vulnerability in privilege-escalation (CVE-2026-2007)
vulnerability in privilege-escalation (CVE-2026-2007). Risk of unauthorized operations or information disclosure.
CVE-2026-2005 Vulnerability in postgresql (CVE-2026-2005)
vulnerability in postgresql (CVE-2026-2005). Successful exploitation can lead to full system takeover.
CVE-2026-2004 Vulnerability in postgresql (CVE-2026-2004)
vulnerability in postgresql (CVE-2026-2004). Successful exploitation can lead to full system takeover.
CVE-2026-2006 Vulnerability in postgresql (CVE-2026-2006)
vulnerability in postgresql (CVE-2026-2006). Successful exploitation can lead to full system takeover.
CVE-2023-5868 Vulnerability in postgresql (CVE-2023-5868)
vulnerability in postgresql (CVE-2023-5868). Risk of unauthorized operations or information disclosure.
CVE-2017-12172 Vulnerability in postgresql (CVE-2017-12172)
vulnerability in postgresql (CVE-2017-12172). Successful exploitation can lead to full system takeover.
CVE-2017-15099 Information Disclosure in postgresql (CVE-2017-15099)
vulnerability in postgresql (CVE-2017-15099). Confidential information can be exposed externally.
CVE-2017-15098 Information Disclosure in postgresql (CVE-2017-15098)
vulnerability in postgresql (CVE-2017-15098). Confidential information can be exposed externally.
CVE-2017-8806 Vulnerability in dos (CVE-2017-8806)
vulnerability in dos (CVE-2017-8806). Data can be tampered with by attackers.
CVE-2017-7548 Vulnerability in dos (CVE-2017-7548)
vulnerability in dos (CVE-2017-7548). Data can be tampered with by attackers.
CVE-2017-7547 Vulnerability in postgresql (CVE-2017-7547)
vulnerability in postgresql (CVE-2017-7547). Successful exploitation can lead to full system takeover.
CVE-2017-7546 Authentication Bypass in postgresql (CVE-2017-7546)
authentication bypass in postgresql (CVE-2017-7546). Successful exploitation can lead to full system takeover.
CVE-2016-0768 PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CVE-2017-7486 Vulnerability in postgresql (CVE-2017-7486)
vulnerability in postgresql (CVE-2017-7486). Confidential information can be exposed externally.
CVE-2017-7485 Vulnerability in postgresql (CVE-2017-7485)
vulnerability in postgresql (CVE-2017-7485). Data can be tampered with by attackers.
CVE-2017-7484 Vulnerability in postgresql (CVE-2017-7484)
vulnerability in postgresql (CVE-2017-7484). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →