506 matches found
DEBIAN-CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
go-pg pg 安全漏洞
go-pg pg is a go-pg open source ORM for Golang. A security vulnerability exists in go-pg pg version v10.13.0, which stems from an unvalidated /types/appendvalue.go component that could lead to an SQL injection attack...
PT-2025-25328 · Go-Pg · Go-Pg
Name of the Vulnerable Software and Affected Versions: go-pg pg version 10.13.0 Description: A SQL injection issue was discovered in the component /types/append value.go. This allows for potential SQL injection attacks. Recommendations: For go-pg pg version 10.13.0, consider restricting access to...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
CVE-2024-44905
CVE-2024-44905 affects go-pg pg v10.13.0 with an SQL injection flaw in /types/append_value.go. The NVD metrics (CVSS v3.1: 6.5, Network attack vector, no privileges, user interaction required, Confidentiality Impact High) indicate a remote risk if an attacker can trigger the vulnerable code path....
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2025-29744
CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...
PT-2025-25330 · Unknown · Pg-Promise
Name of the Vulnerable Software and Affected Versions: pg-promise versions prior to 11.5.5 Description: The issue is related to SQL Injection due to improper handling of negative numbers. Recommendations: For versions prior to 11.5.5, update to version 11.5.5 or later to resolve the issue...
pg-promise 安全漏洞
pg-promise is a PostgreSQL interface for Node.js by Vitaly Tomilov Personal Developer. A security vulnerability exists in pg-promise versions prior to 11.5.5, which stems from mishandling of negative numbers and may lead to SQL injection...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
CVE-2009-2882
Multiple cross-site scripting XSS vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to 1 browseladies.php and 2 browsemen.php, the 3 gender parameter to search.php, and the 4 id parameter to services.php...
The vulnerability of the pg-cluster component of the BIG-IP Next Central Manage application programming interface allows a attacker to disclose protected information.
The vulnerability of the pg-cluster component of the BIG-IP Next Central Manage application programming interface is related to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker to disclose the protected information...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to improper escaping of a query parameter in the postgres64, postgres7, postgres8, and postgres9 drivers. An attacker can execute arbitrary SQL statements by injecting malicious SQL code into the pginsertid method...
CVE-2025-22872 vulnerabilities
Vulnerabilities for packages: glow, minio-operator, newrelic-k8s-metadata-injection, malcontent, cloudprober, kubernetes-csi-external-resizer, kaniko, trufflehog, kubernetes-csi-driver-nfs, prometheus-blackbox-exporter, terraform-provider-acme, kaf, crossplane-provider-azure,...