1152 matches found
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
CVE-2021-43035
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full acces...
CVE-2019-15534
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...
CVE-2014-9576
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access...
CVE-2016-10782
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181)...
CVE-2017-18386
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313)...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
CVE-2006-6469
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port 5432/tcp, which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon...
CVE-2025-22248 [pgpool] Unauthenticated access to postgres through pgpool
The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication check...
PT-2025-20841 · Bitnami +2 · Bitnami/Postgres-Ha +3
Name of the Vulnerable Software and Affected Versions: bitnami/pgpool (affected versions not specified); bitnami/postgres-ha (affected versions not specified). Description: The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a repmgr user that...
BIT-PGBOUNCER-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account
A password can be used past its expiry in PgBouncer because auth_query does not take the Postgres VALID UNTIL value into account, which allows an attacker to log in with an already expired password...
CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account
A password can be used past its expiry in PgBouncer because auth_query does not take the Postgres VALID UNTIL value into account, which allows an attacker to log in with an already expired password...
BIT-SUPERSET-2024-53947 Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...
CVE-2025-29189
Flowise <= 2.2.3 is vulnerable to SQL Injection via the tableName parameter at PostgresVectorStores...
PT-2025-15692 · Flowise · Flowise
Name of the Vulnerable Software and Affected Versions: Flowise versions 2.2.3 and earlier. Description: The issue is related to SQL Injection, which occurs via the tableName parameter at Postgres VectorStores. This allows for potential exploitation. Recommendations: For versions 2.2.3 and earlier,...
Flowise security vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise 2.2.3 and earlier versions that stems from an SQL injection in the tableName parameter of PostgresVectorStores...
postgresql:12 security update
pgaudit; postgres-decoderbufs; postgresql: 12.22-3 - Fix backport for CVE-2025-1094; 12.22-2 - Backport fix for CVE-2025-1094...
OESA-2025-1228 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
postgresql:15 security update
pgaudit: 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410; pgrepack: 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350; 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...
postgresql:13 security update
pgaudit: 1.5.0-1 - Update to version 1.5.0 - Related: 1855776; pgrepack: 1.4.6-3 - Release bump - enable gating; postgres-decoderbufs: 0.10.0-2 - Release bump for rebuild against libpq-12.1-3; postgresql: 13.20-1 - Update to 13.20 - Fix CVE-2025-1094...