CVE-2023-39418

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1220
View all →

Vulnerability Description

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Related Vulnerabilities

CVE-2024-6867

MEDIUM
CVSS:4.3(Medium)

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access right...

CWE-12202024

CVE-2025-1110

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query...

CWE-12202025

CVE-2024-26246

LOW
CVSS:3.9(Low)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-12202024

CVE-2024-6696

MEDIUM
CVSS:4.9(Medium)

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, impl...

CWE-12202024

CVE-2025-4979

MEDIUM
CVSS:4.9(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that ...

CWE-12202025

CVE-2023-50713

MEDIUM
CVSS:5.0(Medium)

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an appli...

CWE-12202023