
13168 matches found

ATTACKERKB
added 2026/01/21 5:27 p.m., 4 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8 | AI score 6.9 | EPSS 0.00256
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/21 5:27 p.m., 4 views

CVE-2021-47748 Hasura GraphQL 1.3.3 - Remote Code Execution

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8 | AI score 7 | EPSS 0.00256
Exploits: 1 | References: 3

CVE
added 2026/01/21 5:27 p.m., 16 views

CVE-2021-47748

CVE-2021-47748 concerns Hasura GraphQL 1.3.3, describing a remote code execution via SQL query manipulation. Attackers can inject commands into the run_sql endpoint, leveraging PostgreSQL COPY FROM PROGRAM to execute system commands. Connected sources corroborate the RCE vector and affected compo...

CVSS 9.8 | AI score 7 | EPSS 0.00256
Exploits: 1 | References: 3 | Affected Software: 1

SUSE Linux
added 2026/01/21 9:32 a.m., 2 views

Security update for postgresql17, postgresql18

This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check f...

CVSS 8.8 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 8

OSV
added 2026/01/21 9:31 a.m., 2 views

SUSE-SU-2026:0197-1 Security update for postgresql17, postgresql18

This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check...

CVSS 5.9 | AI score 6.2 | EPSS 0.00066
Exploits: 0 | References: 5

GithubExploit
added 2026/01/21 2:08 a.m., 163 views

Exploit for OS Command Injection in Postgresql

usage: CVE-2019-9193.py -h -i IP -p PORT -d DATABASE...

CVSS 9 | AI score 8.4 | EPSS 0.93645
Exploits: 17

Tenable Nessus
added 2026/01/21 12:00 a.m., 6 views

MiracleLinux 8 : postgresql:16 (AXSA:2026-061:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-061:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

CVSS 5.9 | AI score 5.6 | EPSS 0.00066
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/21 12:00 a.m., 4 views

MiracleLinux 9 : postgresql:15 (AXSA:2026-062:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-062:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

CVSS 5.9 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/21 12:00 a.m., 4 views

PT-2026-3794

Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description Hasura GraphQL version 1.3.3 contains a remote code execution issue. Attackers can execute arbitrary shell commands through SQL query manipulation. The issue allows command injection into the run sql...

CVSS 9.8 | AI score 6.6 | EPSS 0.00256
Exploits: 1 | References: 6

Tenable Nessus
added 2026/01/21 12:00 a.m., 7 views

MiracleLinux 9 : postgresql:16 (AXSA:2026-063:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-063:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

CVSS 5.9 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/21 12:00 a.m., 3 views

PT-2026-3859

Name of the Vulnerable Software and Affected Versions SQLBot versions prior to 1.5.0 Description SQLBot is an intelligent data query system based on a large language model and RAG. A missing authentication check in the /api/v1/datasource/uploadExcel endpoint allows unauthenticated remote attacker...

CVSS 8.7 | AI score 5.7 | EPSS 0.00109
Exploits: 1 | References: 9

Tenable Nessus
added 2026/01/21 12:00 a.m., 2 views

RHEL 10 : libpq (RHSA-2026:0865)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0865 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...

CVSS 5.9 | AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/21 12:00 a.m., 5 views

MiracleLinux 8 : postgresql:15 (AXSA:2026-060:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-060:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

CVSS 5.9 | AI score 5.6 | EPSS 0.00066
Exploits: 0 | References: 3

RedHat Linux
added 2026/01/20 2:52 p.m., 3 views

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

CVSS 5.9 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 5

OSV
added 2026/01/20 12:04 p.m., 3 views

CLSA-2026-1768910677 postgresql: Fix of CVE-2025-12818

Update to 13.23 - CVE-2025-12818: fix integer overflow in allocation-size calculations...

CVSS 5.9 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 1

OSV
added 2026/01/20 10:05 a.m., 3 views

RHSA-2026:0835 Red Hat Security Advisory: libpq security update

Bulletin has no description...

CVSS 7.5 | AI score 4.9 | EPSS 0.00052
Exploits: 0 | References: 8

RedHat Linux
added 2026/01/20 5:13 a.m., 1 view

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

CVSS 5.9 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 5

RedHat Linux
added 2026/01/20 5:13 a.m., 6 views

Moderate: Red Hat Security Advisory: libpq security update

An update for libpq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 5.9 | AI score 6.3 | EPSS 0.00052
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m., 5 views

MiracleLinux 7 : postgresql-9.2.24-6.el7 (AXSA:2021-1738:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1738:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

CVSS 8.8 | AI score 8.1 | EPSS 0.23757
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:00 a.m., 5 views

MiracleLinux 8 : postgresql:9.6 (AXSA:2021-2310:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2310:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...

CVSS 8.8 | AI score 7.6 | EPSS 0.00641
Exploits: 0 | References: 3