CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

CVE-2026-25041

CVE-2026-25041 affects Budibase where the PostgreSQL integration builds a shell command by interpolating user-provided config (host, database, password, etc.) into the dump command in packages/server/src/integrations/postgres.ts. This creates a command-injection risk via crafted configuration val...

postgresql:15 security update

An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

postgresql:13 security update

An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

postgresql:12 security update

An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2026:4024 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

RLSA-2026:4064 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

RLSA-2026:4059 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2024-22415 DESCRIPTION: jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters +...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

Important: Red Hat Security Advisory: postgresql:16 security update

An update for the postgresql:16 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

GHSA-726G-59WR-CJ4C @budibase/server: Command Injection in PostgreSQL Dump Command

Location: packages/server/src/integrations/postgres.ts:529-531 Description The PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other connection parameters are directly...

@budibase/server: Command Injection in PostgreSQL Dump Command

Location: packages/server/src/integrations/postgres.ts:529-531 Description The PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other connection parameters are directly...

EUVD-2026-10352

@budibase/server: Command Injection in PostgreSQL Dump Command...

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...