13230 matches found
EUVD-2025-208473
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
SQL Injection
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the handling of dot-notation field names with the sort, distinct, or where query parameters in PostgreSQL...
Parse Server: SQL injection via dot-notation field name in PostgreSQL
Impact An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
GHSA-QPR4-JRJ4-6F27 Parse Server: SQL injection via dot-notation field name in PostgreSQL
Impact An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, postgres-operator-fips, terraform-provider-azuread, crossplane-provider-aws-sqs-fips, elastic-agent,...
CVE-2025-13957
Summary: CVE-2025-13957 is a CWE-798 vulnerability involving hard-coded credentials that could lead to information disclosure and remote code execution when SOCKS Proxy is enabled, if administrator and PostgreSQL credentials are known. The issue is associated with Schneider Electric EcoStruxure I...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
RHSA-2026:4110 Red Hat Security Advisory: postgresql:16 security update
Bulletin has no description...
RHSA-2026:4074 Red Hat Security Advisory: postgresql:13 security update
Bulletin has no description...
RHSA-2026:4075 Red Hat Security Advisory: postgresql:12 security update
Bulletin has no description...
RHSA-2026:4064 Red Hat Security Advisory: postgresql:12 security update
Bulletin has no description...
RHSA-2026:4063 Red Hat Security Advisory: postgresql:16 security update
Bulletin has no description...
RHSA-2026:4059 Red Hat Security Advisory: postgresql:15 security update
Bulletin has no description...
RHSA-2026:4024 Red Hat Security Advisory: postgresql:13 security update
Bulletin has no description...
postgresql:16 security update
An update is available for pgrepack, module.pgvector, pgaudit, module.postgis, postgis, pgvector, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base...
postgresql:16 security update
An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
PT-2026-24651
Impact An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...