Lucene search

6 matches found

OSV
added 2026/06/05 3:59 p.m., 3 views

GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

Summary: An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...

CVSS 6, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 3
Vulnrichment
added 2026/05/11 2:35 p.m., 7 views

CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

CVSS 8.8, AI score 6.1, EPSS 0.01444
Exploits: 0, References: 1
EUVD
added 2026/05/05 8:9 p.m., 1 views

EUVD-2026-26247

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...

CVSS 7.5, AI score 5.8, EPSS 0.00445
Exploits: 0, References: 3
Cvelist
added 2024/07/05 7:27 p.m., 26 views

CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...

CVSS 7.5, EPSS 0.00604
Exploits: 0, References: 1
Metasploit
added 2014/06/23 5:2 p.m., 24 views

John the Ripper Postgres SQL Password Cracker

This module uses John the Ripper to attempt to crack Postgres password hashes, gathered by the postgres_hashdump module. It is slower than some of the other JtR modules because it has to do some wordlist manipulation to properly handle postgres' format...

AI score 7.2
Exploits: 0
securityvulns
added 2014/02/28 12:0 a.m., 115 views

[USN-2120-1] PostgreSQL vulnerabilities

Ubuntu Security Notice USN-2120-1, February 24, 2014. postgresql-8.4, postgresql-9.1 vulnerabilities. A security issue affects these releases of Ubunt...

CVSS 6.5, AI score 0.9, EPSS 0.06666
Exploits: 5