SUSE CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

UBUNTU-CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

EUVD-2025-205486

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

PHP 安全漏洞

PHP is a scripting language executed server-side by PHP Open Source. A security vulnerability exists in PHP versions prior to 8.1.34, 8.2.30, 8.3.29, 8.4.16, and 8.5.1, which stems from a null pointer dereference in the PDO PostgreSQL driver that could cause a crash...

EUVD-2025-48942

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role via a crafted function executed by a low-privileged authenticated user. Affected wrappers include AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, and AWS PGSQL ...

Security Bulletin: IBM Cognos Analytics Certified Containers is affected by security vulnerabilities

Summary IBM Cognos Analytics Certified Containers is affected by vulnerabilities in the PostgreSQL JDBC Driver. Additionally , IBM Cognos Certified Containers is affected by an Information Disclosure vulnerability. Vulnerability Details CVEID:CVE-2022-31197 DESCRIPTION: PostgreSQL JDBC Driver...

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities.

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by...

pg8000 安全漏洞

pg8000 is a PostgreSQL database driver by tlocke individual developers. A security vulnerability exists in pg8000 version 1.31.4, which stems from not properly handling Python list input and could lead to an SQL injection attack...

Security Bulletin: IBM Connect:Direct Web Services is affected by a PostgreSQL vulnerability (CVE-2025-49146)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to requir...

EUVD-2024-0972

Malicious code in bioql PyPI...

EUVD-2025-13113

Malicious code in bioql PyPI...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...

Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication

Summary IBM Event Processing's backend contains a version of JDBC driver that may allow unwanted connections. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.5.1.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.5.1.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default...

UBUNTU-CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

Incorrect Implementation of Authentication Algorithm

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm allowing fallback to insecure authentication despite channelBinding being set to required. The...