Lucene search
K

10 matches found

NVD
NVD
added 2026/06/02 4:16 p.m.11 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS0.00341EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

PostgreSQL Anonymizer 安全漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...

8.8CVSS6AI score0.0025EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/03/08 2:54 p.m.4 views

postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...

8CVSS7.3AI score0.01662EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/01/23 3:27 p.m.3 views

postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...

8CVSS7.3AI score0.01662EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.5 views

postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...

8CVSS7.3AI score0.01662EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/08/06 5:51 a.m.88 views

PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names

Impact What kind of vulnerability is it? Who is impacted? The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to...

8CVSS7.4AI score0.01662EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/08/06 5:51 a.m.9 views

GHSA-R38F-C4H4-HQQ2 PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names

Impact What kind of vulnerability is it? Who is impacted? The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to...

7.1CVSS7.1AI score0.01662EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2022/08/03 12:0 a.m.5 views

CVE-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

7.1CVSS8.4AI score0.01662EPSS
Exploits1References5
OSV
OSV
added 2018/06/07 2:29 a.m.5 views

DEBIAN-CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...

9.8CVSS9.5AI score0.10513EPSS
Exploits1References1
OSV
OSV
added 2018/06/07 2:29 a.m.11 views

CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...

9.8CVSS9.6AI score
Exploits0References2
Rows per page
Query Builder