CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

CVE-2025-1094

CVE-2025-1094 affects PostgreSQL libpq and related command-line utilities. The issue is improper neutralization of quoting syntax in the libpq APIs PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(), which can allow SQL injection when the application uses the func...

CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bitbucket Data Center and Server

This High severity org.postgresql:postgresql Dependency vulnerability was introduced in version 8.0 of Bitbucket Data Center. A version of the PostgreSQL JDBC driver is bundled in the Mesh Application /app/WEB-INF/mesh/mesh-app.jar however Mesh does not use the PostgreSQL driver, rather it uses a...

org.postgresql:postgresql Dependency in Bitbucket Data Center and Server

This High severity org.postgresql:postgresql Dependency vulnerability was introduced in version 8.0 of Bitbucket Data Center. A version of the PostgreSQL JDBC driver is bundled in the Mesh Application /app/WEB-INF/mesh/mesh-app.jar however Mesh does not use the PostgreSQL driver, rather it uses a...

DLA-4052-1 postgresql-13 - security update

Bulletin has no description...

OPENSUSE-SU-2025:14807-1 postgresql15-15.11-1.1 on GA media

These are all security issues fixed in the postgresql15-15.11-1.1 package on the GA media of openSUSE Tumbleweed...

PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'

An authenticated attacker that has created a materialized view could run arbitrary SQL commands on a PostgreSQL server if a victim runs REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's view. If the victim is a superuser this could result in full compromise of the PostgreSQL server...

PostgreSQL Vulnerable to Denial-of-Service (DoS) in 'pg_signal_backend()'

PostgreSQL contains a denial-of-service DoS vulnerability. An attacker with superuser permissions could exploit this issue to cause the database to crash...

PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions

PostgreSQL is vulnerable to privilege escalation. An attacker could exploit this to access views without correct privileges, potentially gaining access to sensitive data that they shouldn't have access to...

PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note, this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...

PT-2025-22574 · Astra Linux +5 · Astra Linux Special Edition +5

Уязвимость функций PQescapeLiteral, PQescapeIdentifier, PQescapeString и PQescapeStringConn библиотеки libpq системы управления базами данных PostgreSQL связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить...

PostgreSQL 安全漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL. A security vulnerability...

KLA80205 SB vulnerability in PostgreSQL

SQL injection vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation Related products PostgreSQL CVE list CVE-2025-10...

VulnCheck KEV: CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application...

OPENSUSE-SU-2025:14808-1 postgresql16-16.7-1.1 on GA media

These are all security issues fixed in the postgresql16-16.7-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:14805-1 postgresql13-13.19-1.1 on GA media

These are all security issues fixed in the postgresql13-13.19-1.1 package on the GA media of openSUSE Tumbleweed...

Debian dla-4052 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4052 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4052-2 [email protected] https://www.debian.org/lts/security/...