Blog | ZeroDay.cloud

Technical writeups and vulnerability analyses from our community of elite security researchers.

Featured Writeups

CVE-2026-32710: MariaDB JSON_SCHEMA_VALID heap buffer overflow leading to RCE

A heap buffer overflow in MariaDB's JSON_SCHEMA_VALID() function allows authenticated users to escalate privileges and execute arbitrary OS commands. Discovered by Xint Code at ZeroDay.Cloud 2025.

Team Xint Code

May 4

PostgreSQL8 min read

CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow leading to RCE

A 20-year-old heap buffer overflow in PostgreSQL's pgcrypto extension allows remote code execution. Discovered by Xint Code at ZeroDay.Cloud 2025.

Team Xint Code

May 4

PostgreSQL15 min read

CVE-2026-2006: Encoding bug in PostgreSQL pgcrypto leads to Remote Code Execution

A 20-year-old encoding bug in PostgreSQL's pgcrypto extension allows smuggling invalid UTF-8 into the database, leading to memory corruption and remote code execution. Discovered by Team Bugz Bunnies at ZeroDay.Cloud 2025.

Team Bugz Bunnies

May 4

Research Publications

Featured Writeups

CVE-2026-32710: MariaDB JSON_SCHEMA_VALID heap buffer overflow leading to RCE

CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow leading to RCE

CVE-2026-2006: Encoding bug in PostgreSQL pgcrypto leads to Remote Code Execution