fixes Archives

Tech Optimizer

May 23, 2026

CVE-2026-9082: Critical Drupal Core SQLi Flaw

Drupal has issued critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which affects sites using PostgreSQL databases. This flaw allows anonymous attackers to exploit the system through arbitrary SQL injection, posing risks such as sensitive information disclosure, privilege escalation, and remote code execution. The vulnerability is rated 20 out of 25 by Drupal and 6.5 out of 10 by CVE.org. It specifically impacts the database abstraction API, which fails to properly sanitize queries. The fixed versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10, with best-effort patches available for unsupported versions 9.5 and 8.9. Organizations are advised to inventory their Drupal installations, verify PostgreSQL usage, and prioritize patching for public-facing sites.

AppWizard

May 22, 2026

New SteamOS update finally fixes one of the Steam Deck’s most irritating bugs

Valve has released the SteamOS 3.8.5 Beta, which includes bug fixes and enhancements for the Steam Deck and other devices like the Asus ROG Ally and Lenovo Legion Go. Key improvements include a fix for audio issues on the Steam Deck OLED, enhancements to video memory management for discrete GPUs, and a resolution for a bug in Desktop Mode. The update also includes stability and security updates, a fix for the Asus ROG Ally's control behavior after suspend, and improvements from the previous 3.8.4 Beta, such as solutions for WiFi performance issues and trackpad sensitivity adjustments. Users can join the beta by navigating to Settings > System > System Update Channel.

Tech Optimizer

May 21, 2026

Nvidia tells users to update GPU drivers now or face possible attack — here’s what we know

NVIDIA has released an update to its GPU display drivers that addresses 14 vulnerabilities across its product lines, including GeForce, RTX, Quadro, Tesla, NVS, vGPU, and Cloud Gaming software. The most critical vulnerability is CVE‑2026‑24187, a high-severity use-after-free bug rated 8.8 out of 10, which could allow code execution, privilege escalation, data theft, or system crashes. Linux systems are vulnerable due to improper access to GPU resources at the kernel level, while Windows systems are at risk from a timing flaw. Two vulnerabilities in NVIDIA’s Unified Virtual Memory subsystem on Linux could lead to denial-of-service attacks without elevated permissions. The vGPU software also received patches for vulnerabilities in its virtual GPU manager component. Users can download the updated drivers from the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal, with Windows users needing version 569.49 or newer and Linux users needing version 590.48.01. Users are advised to maintain their antivirus programs for enhanced security. NVIDIA thanked external security researchers for their responsible disclosure of these vulnerabilities.

Tech Optimizer

May 21, 2026

PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection

PostgreSQL has released versions 18.4, 17.10, 16.14, 15.18, and 14.23 to address 11 security vulnerabilities and over 60 bugs. The vulnerabilities affect PostgreSQL versions 14 through 18 and include issues such as remote code execution, SQL injection, and denial-of-service risks. Specific vulnerabilities include: - CVE-2026-6472: Missing authorization in CREATE TYPE allows query hijacking. - CVE-2026-6473: Integer wraparound leads to out-of-bounds writes and server crashes. - CVE-2026-6474: Format string issue leaks server memory. - CVE-2026-6475: Symlink attack allows overwriting arbitrary files. - CVE-2026-6476: SQL injection allows execution of arbitrary SQL as superuser. - CVE-2026-6477: Memory buffer overwrite via libpq lo_* functions. - CVE-2026-6478: Timing attack exposes MD5-hashed passwords. - CVE-2026-6479: SSL/GSS recursion flaw allows denial-of-service. - CVE-2026-6575: Buffer over-read leaks memory data (PostgreSQL 18 only). - CVE-2026-6637: Refint module enables stack overflow and SQL injection, leading to possible RCE. - CVE-2026-6638: SQL injection in REFRESH PUBLICATION via table names. Organizations are advised to upgrade to the latest versions, avoid MD5 password authentication, restrict privileges, audit extensions, and monitor for abnormal activity. PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 20, 2026

Critical PostgreSQL Flaws Enable Code Execution and SQL Injection

On May 14, 2026, PostgreSQL released critical security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 Common Vulnerabilities and Exposures (CVEs) related to stack buffer overflows, SQL injection, memory disclosure, and denial-of-service vulnerabilities. The most critical vulnerability, CVE-2026-6637, has a CVSS score of 8.8 and allows remote, unprivileged database users to execute arbitrary code. Other notable vulnerabilities include CVE-2026-6473, which affects memory allocation leading to potential memory corruption, and CVE-2026-6475, which allows overwriting sensitive OS-level files. Additional vulnerabilities include SQL injection flaws and authentication issues, with various CVSS scores ranging from 3.7 to 7.5. The updates can be implemented without a database dump, and PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 20, 2026

PostgreSQL backup tool gets some backup of its own after sole maintainer sounds alarm

A coalition of companies, including AWS, Percona, Supabase, pgEdge, and Tiger Data, has formed to support the maintenance of pgBackRest, an extension for the PostgreSQL database, after its long-time maintainer, David Steele, could no longer continue due to a lack of sponsorship following the acquisition of Crunchy Data by Snowflake. pgBackRest is a backup and restore solution for PostgreSQL, which is widely used by major cloud service providers. Steele had been seeking sponsorship to maintain the project but was unsuccessful, prompting concerns about its future. The coalition aims to provide stability and reduce reliance on a single sponsor by onboarding a new maintainer and seeking additional support. Percona's CEO emphasized the importance of collaboration to ensure the project's health for the community.

Tech Optimizer

May 19, 2026

Open Source Stays Open: Percona Sponsors pgBackRest to Keep PostgreSQL Backups Running

Percona has become a sponsor of pgBackRest following the departure of its primary maintainer due to funding challenges. This sponsorship aims to revitalize pgBackRest, a critical backup and recovery tool for PostgreSQL, ensuring its continued development and support. Percona's CEO, Peter Farkas, highlighted the importance of pgBackRest and the decision to coordinate with other companies to maintain its health. The plan for pgBackRest's future includes dedicated time from David Steele for bug fixes and feature enhancements, assistance from Percona's engineering team in onboarding a new maintainer, and efforts to attract additional sponsorship to diversify support. Percona's investment aims to prevent future uncertainties associated with reliance on a single maintainer.

Winsage

May 18, 2026

Why Your Windows 11 PC Doesn’t Get AI Features

Several hundred million Windows 11 users are experiencing frustrations due to the absence of Microsoft features like Recall and Cocreator, which are only available on Copilot+ PCs. Microsoft has divided Windows 11 into two tiers, with the latest AI functionalities requiring specific hardware known as Copilot+ PC. To qualify, a device must have: - An NPU capable of at least 40 TOPS - A minimum of 16 GB of RAM (DDR5 or LPDDR5) - At least 256 GB of SSD storage - Windows 11 version 24H2 or newer - A processor from specific families: Qualcomm Snapdragon X series, Intel Core Ultra 200V (Lunar Lake), or AMD Ryzen AI 300 series Many PCs lack these features due to missing NPUs, insufficient TOPS ratings, unsupported processor generations, outdated Windows versions, rollout delays, or regional limits. Features locked behind Copilot+ include Recall, Click to Do, Cocreator in Paint, Windows Studio Effects, Live Captions with Translation, Improved Windows Search, and Auto Super Resolution. To check for Copilot+ compatibility, users can verify the presence of an NPU in Task Manager, ensure they have Windows 11 version 24H2 or newer, and confirm their processor against the approved list. While some workarounds exist to enable features on unsupported PCs, they are often unstable and not recommended for primary use. Most users may not need to upgrade their laptops unless they require on-device AI features or their current device is significantly outdated. The AI feature gap is not currently critical for most users, as many features are optional or not essential.

Tech Optimizer

May 18, 2026

Google Pushes AI for PostgreSQL Development

Google is integrating artificial intelligence into PostgreSQL engineering while ensuring engineers remain responsible for their code contributions. This initiative aims to improve productivity and streamline processes, particularly in version upgrades, replication behavior, and production recovery. Sailesh Krishnamurthy, Google Cloud's VP of Databases, emphasized the importance of human oversight in this AI-driven approach. Between July and December 2025, Google's PostgreSQL engineering focused on logical replication, improvements to pg_upgrade, and upstream bug fixes. Logical replication allows selective database change transfers, which is beneficial for migrations and upgrades. The roadmap includes Automatic Conflict Detection and logical replication of sequences to minimize manual synchronization issues. Enterprise teams are particularly interested in these developments due to the challenges posed by write collisions and misaligned sequence values. The demand for PostgreSQL services at Google is increasing due to migration needs from Oracle and SQL Server. Recent data shows PostgreSQL's rising popularity, ranking fourth in the DB-Engines ranking and gaining 8.37 points year over year, while its competitors experienced declines.

Winsage

May 18, 2026

Microsoft confirms Windows 11 security update install issues

Microsoft has acknowledged a significant issue with the May 2026 Windows 11 security update, KB5089549, where users are encountering difficulties in installation, specifically the 0x800f0922 error code. This issue is primarily due to insufficient free space on the EFI System Partition (ESP), especially for devices with 10 MB or less available. The installation may fail during the reboot phase at around 35–36% completion, with users receiving notifications like "Something didn't go as planned. Undoing changes." Log entries may indicate insufficient ESP free space, such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70." Microsoft recommends affected users utilize the Known Issue Rollback feature to reverse problematic updates and advises IT departments to install and configure the relevant Group Policy to address the issue.