CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS0.00385EPSS

Exploits0References1

Snyk•added 2025/08/14 1:0 p.m.•1 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...

8.8CVSS7.5AI score0.00385EPSS

Exploits0References2

Snyk•added 2025/08/14 1:0 p.m.•0 views

Exposure of Sensitive Information Through Metadata

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via optimizer statistics. An attacker can access sensitive sampled data by querying views, partitions, or child tables by crafting a leaky operator that bypasses view access control lis...

4.3CVSS7.2AI score0.00205EPSS

Exploits0References2

vulnersOsv•added 2025/08/09 1:46 a.m.•6 views

@fedify/amqp (=0.2.0-dev.12), @fedify/postgres (>=0.3.0 <=0.3.0-dev.22) +1 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.5.0-dev.732 <=1.5.0)

@fedify/fedify NPM version =1.5.0-dev.732, =0.3.0, =0.4.0, =0.4.0-dev.19 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7CVSS5.8AI score0.00707EPSS

Exploits0

vulnersOsv•added 2025/08/08 2:29 p.m.•2 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=0.10.2 <=1.10.10)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7CVSS5.4AI score0.00707EPSS

Exploits0

OSV•added 2025/07/31 12:12 p.m.•5 views

CLSA-2025-1753963973 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

7.5CVSS7.1AI score0.00953EPSS

Exploits0References1

OSV•added 2025/07/16 8:19 a.m.•5 views

BIT-PHP-MIN-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

7.5CVSS9.4AI score0.00953EPSS

Exploits0References4