1127 matches found
CVE-2026-21708
CVE-2026-21708 : In Veeam Backup & Replication, a vulnerability allows a Backup Viewer to perform remote code execution (RCE) with the privileges of the PostgreSQL user. Affected are 12.x versions prior to 12.3.2.4465; CVE-21708 is also addressed in 13.0.1.2067 (alongside other fixes). The connec...
CVE-2026-21708
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...
Veeam Backup And Replication Security Vulnerability
Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. There is a security vulnerability in Veeam Backup and Replication, which stems from allowing backup administrators to execute remote code as the postgres user...
PT-2026-25006
Name of the Vulnerable Software and Affected Versions: Veeam Backup and Recovery, affected versions not specified. Description: A flaw exists that allows a Backup Viewer to execute code remotely as the postgres user. This issue has a CVSS score of 10.0 and is considered critical. The vulnerability...
CVE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...
SQL Injection
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, configmap-reload, conjur-cli, litefs, mods, azure-service-operator, croc, kapp, tfsec, rancher, skopeo, authservice, steampipe, nri-elasticsearch, crossplane-provider-aws-rds, prometheus-blackbox-exporter...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, configmap-reload, conjur-cli, litefs, mods, azure-service-operator, croc, kapp, tfsec, rancher, skopeo, authservice, steampipe, nri-elasticsearch, crossplane-provider-aws-rds, prometheus-blackbox-exporter...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, configmap-reload, conjur-cli, litefs, mods, azure-service-operator, croc, kapp, tfsec, rancher, skopeo, authservice, steampipe, nri-elasticsearch, crossplane-provider-aws-rds, prometheus-blackbox-exporter...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: skopeo-fips, amazon-ssm-agent-fips, rke2-cloud-provider-fips, pulumi, karma, kubernetes-ingress-defaultbackend-fips, falcoctl, mongodb-kubernetes-operator-fips, azcopy, crossplane-provider-aws-lambda, kubernetes-csi-external-attacher-fips, victoriametrics, sops-fips,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: skopeo-fips, amazon-ssm-agent-fips, rke2-cloud-provider-fips, pulumi, karma, kubernetes-ingress-defaultbackend-fips, falcoctl, mongodb-kubernetes-operator-fips, azcopy, crossplane-provider-aws-lambda, kubernetes-csi-external-attacher-fips, victoriametrics, sops-fips,...
Oracle Linux 9 : postgresql:16 (ELSA-2026-4110)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4110 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1...
CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...
postgresql:12 security update
An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
postgresql:15 security update
pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 1.5.0-1 - Update to version 1.5.0 Related: 1855776 1.4.0-4 - Bump release for rebuild against libpq-12.1-3 1.4.0-3 - BuildRequires libpq-devel 1.4.0-2 - BuildRequires postgresql-server-devel 1.4.0-1 - Update to 1.4.0...
postgresql:16 security update
pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47604 1.4.8-1 - Resolves: RHEL-3636 - Initial import for PG 16...
Oracle Linux 9 : postgresql:15 (ELSA-2026-3896)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3896 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build...
@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)
@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Summary: A critical Remote Code Execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...