U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of […]
Latest coverage for PostgreSQL
PostgreSQL is an open-source relational database whose deployments can be affected by security flaws, unsafe configuration, and vulnerable extensions.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
PostgreSQL is an open-source object-relational database system used to store and query structured data, while supporting transactions, complex SQL, and programmable extensions. Its security model includes database roles, granular privileges, authentication rules, encrypted client connections, and configurable logging. Administrators must still configure these controls correctly: PostgreSQL does not make an exposed server, excessive privileges, or weak credentials safe by default.
Security coverage for PostgreSQL commonly focuses on restricting network access, reviewing pg_hba.conf authentication rules, enforcing least privilege, and preventing application-layer SQL injection through parameterized queries. Extensions and procedural code expand the attack surface, particularly when run with elevated privileges. Vulnerability management includes tracking PostgreSQL security advisories, applying supported-version updates, and assessing extensions separately. Logs can support detection and investigations, but should be protected because queries and connection details may contain sensitive information; retention and access controls may also affect privacy and regulatory obligations.
Volume over time
Weekly headline count for the current query.
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]