Security news aggregator

Latest coverage for PostgreSQL

PostgreSQL is an open-source relational database whose deployments can be affected by security flaws, unsafe configuration, and vulnerable extensions.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

PostgreSQL is an open-source object-relational database system used to store and query structured data, while supporting transactions, complex SQL, and programmable extensions. Its security model includes database roles, granular privileges, authentication rules, encrypted client connections, and configurable logging. Administrators must still configure these controls correctly: PostgreSQL does not make an exposed server, excessive privileges, or weak credentials safe by default.

Security coverage for PostgreSQL commonly focuses on restricting network access, reviewing pg_hba.conf authentication rules, enforcing least privilege, and preventing application-layer SQL injection through parameterized queries. Extensions and procedural code expand the attack surface, particularly when run with elevated privileges. Vulnerability management includes tracking PostgreSQL security advisories, applying supported-version updates, and assessing extensions separately. Logs can support detection and investigations, but should be protected because queries and connection details may contain sensitive information; retention and access controls may also affect privacy and regulatory obligations.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 25

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of […]

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure

Loading more headlines...