CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

CVE-2025-1709 CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

CVE-2025-1709

CVE-2025-1709 concerns Endress+Hauser MEAC300-FNADE4: information disclosure caused by local PostgreSQL credentials stored in plaintext (partially base64 encoded). Several connected sources reiterate that credentials are exposed, impacting confidentiality. Root cause: credentials stored in plaint...

CVE-2025-1709 CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

CVE-2025-1708 CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

CVE-2025-1708

CVE-2025-1708 affects the Endress+Hauser MEAC300-FNADE4 (Endress+Hauser) through an SQL injection vulnerability. The included documents consistently describe that an attacker can exploit improper validation to dump/read data from the PostgreSQL back-end database (and potentially view/add/modify/d...

CVE-2025-1708 CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

PT-2025-27770

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The application is vulnerable to SQL injection attacks, allowing an attacker to dump the PostgreSQL database and read its content. Recommendations: At the moment, there is no information abo...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.11 that stem...

ROS-20250616-15

Vulnerability in libpq library of PostgreSQL database management system is associated with buffer overflow when checking PostgreSQL GB18030 encoding. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

MGASA-2025-0179 Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2020-15070

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...

CVE-2013-3279

EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection...

CVE-2025-22248

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOLSRCHECKUSER is the user that Pgpool itself uses to perform streaming replication check...

SQL Injection

ADOdb is vulnerable to SQL Injection. The vulnerability is due to improper escaping due to the use of unsanitized user input in the pginsertid function when connected to a PostgreSQL database...

CVE-2025-46337

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

GHSA-8X27-JWJR-8545 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. Impact PostgreSQL...