@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...

SQL Injection

Overview @payloadcms/db-postgres is a The officially supported Postgres database adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts...

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

AlmaLinux 9 : php:8.2 (ALSA-2026:1409)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

CLEANSTART-2026-ZP68963 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

📄 Advantech IoTSuite / IoT Edge SQL Injection

A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite / SaaS Composer. The issue resides in the /displays/filename.json endpoint, where the filename parameter is improperly sanitized before being concatenated into a backend PostgreSQL query. An attacker...

RHEL 9 : php:8.2 (RHSA-2026:1169)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1169 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

Number withdrawal

phpPgAdmin is an open-source application developed by phppgadmin. It is the leading web-based management tool for Postgres databases...

MiracleLinux 7 : rh-postgresql10-postgresql-10.15-1.el7 (AXSA:2020-963:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-963:02 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operation...

CLSA-2026-1768565904 libpq: Fix of CVE-2025-12818

Update to 13.23 - CVE-2025-12818: fix integer overflow in allocation-size calculations...

EDB Postgres Enterprise Manager security vulnerabilities

EDB Postgres Enterprise Manager is a database management and monitoring platform developed by EDB Corporation in the United States. Versions of EDB Postgres Enterprise Manager prior to version 9.8.1 contained security vulnerabilities. These vulnerabilities were due to insufficient input validatio...

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.14-2.AXS4 (AXSA:2017-2465:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2465:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 4 : rh-postgresql95-postgresql-9.5.9-1.AXS4 (AXSA:2017-2280:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2280:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...

Oracle Linux 9 : postgresql:15 (ELSA-2026-0492)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0492 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build...

RHEL 8 : libpq (RHSA-2026:0695)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0695 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...

postgresql:15 security update

pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...

Oracle Linux 8 : postgresql:15 (ELSA-2026-0524)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0524 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.15-1 - Update to 15.15 - Resolves: RHEL-128819 CVE-2025-12818 Tenable has extracted the preceding...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : PHP vulnerabilities (USN-7953-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7953-1 advisory. It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An...

postgresql:16 security update

pgaudit pgrepack postgres-decoderbufs postgresql 16.11-1 - Update to 16.11 - Resolves: RHEL-128820 CVE-2025-12818...

MiracleLinux 9 : podman-5.6.0-6.el9_7 (AXSA:2025-11464:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11464:11 advisory. database/sql: Postgres Scan Race Condition CVE-2025-47907 podman: Podman kube play command may overwrite host files CVE-2025-9566 Tenable has...