EUVD-2025-24810

Malicious code in bioql PyPI...

BIT-POSTGRESQL-2025-8714 PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client

Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...

DEBIAN-CVE-2025-8714

Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...

ManageEngine ADAudit Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 6032 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...

ALPINE-CVE-2018-1053

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...