18 points by tsg
Wow, CVE-2026-6476 (SQL injection via subscription name) is wild - just sprintf-ing unquoted user input into an SQL query which is then executed with superuser privileges.
PostgreSQL of all things having a SQL injection vulnerability is peak irony.