CVE-2026-6638

Same vendor

• CVE-2026-6637 — Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating syste... (8.8 HIGH)
• CVE-2026-6575 — Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query plannin... (4.3 MEDIUM)
• CVE-2026-6479 — Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve... (7.5 HIGH)
• CVE-2026-6478 — Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials su... (6.5 MEDIUM)
• CVE-2026-6477 — Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tel... (8.8 HIGH)

Same CWE

• CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
• CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
• CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)
• CVE-2026-3018 — The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up t... (7.5 HIGH)
• CVE-2026-3326 — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX ... (8.6 HIGH)