26 matches found
ROS-20260216-73-0001
A vulnerability in the hasmetacommands function of the pgAdmin 4 database management tool is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to bypass existing security mechanisms by injecting a specially generated SQL file...
GHSA-3P7X-94Q9-JQ9X pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...
Arbitrary Code Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Code Injection via the hasmetacommands function. An attacker can execute arbitrary commands on the system by crafting a SQL file that begins with a UTF-8 Byte Order Mark or special byte sequences...
Oracle Linux 7 : postgresql (ELSA-2025-16099)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-16099 advisory. - Restrict psql meta-commands in plain-text dumps Orabug: 38442031CVE-2025-8714 - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain...
postgresql security update
9.2.24-9.0.7 - Restrict psql meta-commands in plain-text dumps Orabug: 38442031CVE-2025-8714 9.2.24-9.0.5 - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain - libpq functions Orabug: 37843176...
CVE-2025-59337
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
BIT-DISCOURSE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
EUVD-2025-32062
Malicious code in bioql PyPI...
EUVD-2025-24810
Malicious code in bioql PyPI...
CVE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
PT-2025-40301
Name of the Vulnerable Software and Affected Versions Discourse versions 3.5.0 and below Description Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with...
CLSA-2025-1758293394 postgresql: Fix of 2 CVEs
CVE-2025-8714: prevent execution of unsafe meta-commands in plain-text dumps pgdump/pgrestore/pgdumpall, psql restricted mode - CVE-2025-8715: sanitize newlines in object names to avoid unsafe SQL comments in dumps...
OESA-2025-2240 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2025-2138 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
SUSE CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
ALPINE-CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
ALPINE-CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
DEBIAN-CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...