Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Data Management and Analytics
  • Database

Database

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    8 Jul 2026 Data Management and Analytics
    PostgreSQL: Unauthenticated Denial-of-Service via audit_logs RLS in Supabase PostgREST

    In PostgreSQL versions before 12.128.12 a high severity vulnerability CVE-2026-56248 was detected. This vulnerability allows unauthenticated attackers to trigger a denial-of-service (statement timeouts / PostgREST error 57014) by issuing unfiltered queries to the public.audit_logs endpoint via the Supabase PostgREST API. To address this issue, users should upgrade capgo-backend 12.128.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56248.

    Read more
    Database
    2 Jul 2026 Data Management and Analytics
    ChromaDB: Remote Code Execution via Malicious Model Repository

    In ChromaDB versions 0.4.17 and later a high severity vulnerability CVE-2026-45833 was detected. This vulnerability allows an authenticated attacker with UPDATE_COLLECTION permissions to execute arbitrary code on the server, leading to Remote Code Execution (RCE). This occurs due to a code injection flaw when the application handles model repositories. By sending a malicious model repository to the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} endpoint and setting the trust_remote_code parameter to true, an attacker can trick the system into executing their malicious payload.There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-45833.

    Read more
    Database
    26 Jun 2026 Data Management and Analytics
    GeoServer DB2 DataStore Extension: Remote Code Execution (RCE) via JNDI Injection

    In GeoServer DB2 DataStore Extension versions prior to 2.27.0 a high severity vulnerability CVE-2025-27511 was detected. This vulnerability allows an authenticated administrator to achieve Remote Code Execution (RCE) on the server. This occurs because the extension is vulnerable to a JNDI injection attack when processing a specially crafted DB2 JDBC URL. To address this issue, users should upgrade the GeoServer DB2 DataStore Extension to version 2.27.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27511.

    Read more
    Database
    25 Jun 2026 Data Management and Analytics
    NocoDB: Improper Session Management via Persistent Refresh Tokens During Password Recovery

    In NocoDB versions prior to 2026.05.1 a medium severity vulnerability CVE-2026-53928 was detected. This vulnerability allows an attacker in possession of a stolen refresh token to maintain unauthorized access by minting new JSON Web Tokens (JWTs), even after the victim has completed a password recovery flow. This occurs because the passwordForgot process fails to delete the user’s active refresh tokens—unlike standard password change or reset flows—leaving them valid for exchange. To address this issue, users should upgrade NocoDB to version 2026.05.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53928.

    Read more
    Database
    24 Jun 2026 Data Management and Analytics
    MongoDB Server: Use-After-Free in Server-Side JavaScript BSON-to-Array Conversion

    In MongoDB Server versions 8.3.0 through 8.3.3, 8.2.0 through 8.2.10, 8.0.0 through 8.0.25, 7.0.0 through 7.0.36, 6.0.0 through 6.0.28, 5.0.0 through 5.0.33, 4.4.0 through 4.4.30 a high severity vulnerability CVE-2026-11933 was detected. This vulnerability allows an authenticated user with read privileges to cause a Denial of Service (DoS) or disclose sensitive information from the mongod process memory. This occurs due to a Use-After-Free (UAF) flaw in the server-side JavaScript engine when converting BSON documents to JavaScript arrays. By executing server-side JavaScript (for example, via the $where or $function operators), an attacker can trigger the server to access memory that has already been freed. To address this issue, users should upgrade MongoDB Server to a patched version 8.3.x, 8.2.11, or 8.0.26 (or later), 7.0.37 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-11933.

    Read more
    Database
    24 Jun 2026 Data Management and Analytics
    MariaDB Server: Information Disclosure of Stored Routine Definitions via Roles

    In MariaDB Server versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1 a medium severity vulnerability CVE-2026-44169 was detected. This vulnerability allows an authenticated user to gain unauthorized visibility into stored routine definitions, leading to information disclosure. This occurs because if a user is granted EXECUTE access to a stored routine via a role, the system improperly permits them to see the routine’s definition, even if they lack the explicitly required SHOW CREATE ROUTINE privilege. To address this issue, users should upgrade MariaDB Server to versions 11.4.11, 11.8.7, or 12.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44169.

    Read more
    Database
    24 Jun 2026 Data Management and Analytics
    NocoDB: Server-Side Request Forgery (SSRF) and Scheme Abuse via base-migration Endpoint

    In NocoDB versions prior to 2026.05.1 a medium severity vulnerability CVE-2026-53930 was detected. This vulnerability allows an attacker to perform Server-Side Request Forgery (SSRF), probe internal HTTP destinations, and abuse URI schemes (such as file: or ftp:). This occurs because the base-migration endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing proper protocol or destination restrictions. To address this issue, users should upgrade NocoDB to version 2026.05.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53930.

    Read more
    Database
    23 Jun 2026 Data Management and Analytics
    pgAdmin 4: SQL Injection in Dialog Templates

    In pgAdmin 4 versions 1.0 before 9.16 a high severity vulnerability CVE-2026-12044 was detected. This vulnerability allows an authenticated user to execute arbitrary SQL statements, and potentially achieve OS command execution if connected as a highly privileged role (e.g., a superuser using COPY ... TO/FROM PROGRAM). This occurs due to an SQL injection flaw across various dialog templates (such as Domains, Foreign Tables, Languages, and Event Triggers) that render COMMENT ON ... IS '<description>'. The Jinja templates interpolate user-supplied descriptions directly inside single-quoted SQL literals instead of safely passing them through the qtLiteral escape filter, allowing an attacker to break out of the literal using an apostrophe. While the injected SQL runs under the user’s existing database role and does not cross privilege boundaries, it bypasses application-layer restrictions placed on the Query Tool interface. To address this issue, users should upgrade pgAdmin 4 to version 9.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-12044.

    Read more
    Database
    23 Jun 2026 Data Management and Analytics
    GeoServer: Arbitrary File Write and Plaintext Master Password Disclosure

    In GeoServer versions prior to 2.26.4 and prior to 2.27.3 a high severity vulnerability CVE-2025-52465 was detected. This vulnerability allows an authenticated administrator to create files containing the master password in plaintext anywhere on the server’s file system. This occurs because the Master Password Dump web page fails to properly sanitize user input, allowing the submission of arbitrary absolute file paths. Installations where the web interface is disabled or removed are not affected. To address this issue, users should upgrade GeoServer to versions 2.26.4 or 2.27.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52465.

    Read more
    Database
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}