Lucene search
K

506 matches found

OSV
OSV
added 2025/06/12 4:15 p.m.4 views

DEBIAN-CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

6.5CVSS6.7AI score0.00371EPSS
Exploits1References1
NVD
NVD
added 2025/06/12 4:15 p.m.14 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

5.4CVSS0.00193EPSS
Exploits1References2
OSV
OSV
added 2025/06/12 4:15 p.m.5 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References2
NVD
NVD
added 2025/06/12 4:15 p.m.36 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

6.5CVSS0.00371EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.7 views

go-pg pg 安全漏洞

go-pg pg is a go-pg open source ORM for Golang. A security vulnerability exists in go-pg pg version v10.13.0, which stems from an unvalidated /types/appendvalue.go component that could lead to an SQL injection attack...

6.5CVSS7.4AI score0.00371EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.3 views

PT-2025-25328 · Go-Pg · Go-Pg

Name of the Vulnerable Software and Affected Versions: go-pg pg version 10.13.0 Description: A SQL injection issue was discovered in the component /types/append value.go. This allows for potential SQL injection attacks. Recommendations: For go-pg pg version 10.13.0, consider restricting access to...

6.5CVSS7.2AI score0.00371EPSS
Exploits1References19
OSV
OSV
added 2025/06/12 12:0 a.m.6 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

6.5CVSS8.5AI score0.00371EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/06/12 12:0 a.m.5 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

7.8AI score0.00371EPSS
Exploits1References4
CVE
CVE
added 2025/06/12 12:0 a.m.67 views

CVE-2024-44905

CVE-2024-44905 affects go-pg pg v10.13.0 with an SQL injection flaw in /types/append_value.go. The NVD metrics (CVSS v3.1: 6.5, Network attack vector, no privileges, user interaction required, Confidentiality Impact High) indicate a remote risk if an attacker can trigger the vulnerable code path....

6.5CVSS8.5AI score0.00371EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2025/06/12 12:0 a.m.6 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

6.5CVSS6.7AI score0.00371EPSS
Exploits1
Cvelist
Cvelist
added 2025/06/12 12:0 a.m.12 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

0.00193EPSS
Exploits1References2
CVE
CVE
added 2025/06/12 12:0 a.m.58 views

CVE-2025-29744

CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...

5.4CVSS8.3AI score0.00193EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.7 views

PT-2025-25330 · Unknown · Pg-Promise

Name of the Vulnerable Software and Affected Versions: pg-promise versions prior to 11.5.5 Description: The issue is related to SQL Injection due to improper handling of negative numbers. Recommendations: For versions prior to 11.5.5, update to version 11.5.5 or later to resolve the issue...

5.4CVSS7.3AI score0.00193EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.3 views

pg-promise 安全漏洞

pg-promise is a PostgreSQL interface for Node.js by Vitaly Tomilov Personal Developer. A security vulnerability exists in pg-promise versions prior to 11.5.5, which stems from mishandling of negative numbers and may lead to SQL injection...

5.4CVSS7AI score0.00193EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/06/12 12:0 a.m.23 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...

0.00371EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:26 a.m.7 views

CVE-2019-15658

connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...

7.5CVSS7.9AI score0.00981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:12 p.m.10 views

CVE-2009-2882

Multiple cross-site scripting XSS vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to 1 browseladies.php and 2 browsemen.php, the 3 gender parameter to search.php, and the 4 id parameter to services.php...

4.3CVSS6AI score0.01511EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/09 12:0 a.m.7 views

The vulnerability of the pg-cluster component of the BIG-IP Next Central Manage application programming interface allows a attacker to disclose protected information.

The vulnerability of the pg-cluster component of the BIG-IP Next Central Manage application programming interface is related to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker to disclose the protected information...

4.6CVSS6.2AI score0.00159EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2025/05/01 5:44 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper escaping of a query parameter in the postgres64, postgres7, postgres8, and postgres9 drivers. An attacker can execute arbitrary SQL statements by injecting malicious SQL code into the pginsertid method...

10CVSS8.4AI score0.00664EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/04/17 1:44 p.m.32 views

CVE-2025-22872 vulnerabilities

Vulnerabilities for packages: glow, minio-operator, newrelic-k8s-metadata-injection, malcontent, cloudprober, kubernetes-csi-external-resizer, kaniko, trufflehog, kubernetes-csi-driver-nfs, prometheus-blackbox-exporter, terraform-provider-acme, kaf, crossplane-provider-azure,...

6.5CVSS6.7AI score0.00478EPSS
Exploits0
Rows per page
Query Builder