13198 matches found

Tenable Nessus
added 2026/01/08 12:0 a.m., 2 views

RHEL 9 : postgresql (RHSA-2026:0268)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0268 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: CREATE STATISTICS does not check fo...

CVSS 5.9, AI score 5.7, EPSS 0.00301
Exploits: 0, References: 7
RedhatCVE
added 2026/01/07 9:17 a.m., 8 views

CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

CVSS 6.5, AI score 6.1, EPSS 0.00337
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:12 a.m., 21 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

CVSS 7.8, AI score 7.7, EPSS 0.0093
Exploits: 2, References: 1
RedhatCVE
added 2026/01/07 9:12 a.m., 11 views

CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:9 a.m., 5 views

CVE-2024-2339

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

CVSS 8.8, AI score 6.9, EPSS 0.00552
Exploits: 0, References: 1
OSV
added 2026/01/07 8:54 a.m., 2 views

ROOT-OS-DEBIAN-12-CVE-2025-12817 CVE-2025-12817 in rootio-postgresql-15 - Patched by Root

Root has patched CVE-2025-12817 in the rootio-postgresql-15 package for Root:Debian:12. Multiple fixed versions available...

CVSS 3.1, AI score 5.4, EPSS 0.00197
Exploits: 0
Tenable Nessus
added 2026/01/05 12:0 a.m., 4 views

PostgREST API Server Detected

PostgREST is a standalone web server that turns your PostgreSQL database directly into a RESTful API. By default, PostgREST does not implement any authentication or access control mechanisms, which can lead to unauthorized access to sensitive data if the server is exposed to untrusted networks...

AI score 6.9
Exploits: 0, References: 1
Rockylinux
added 2026/01/04 9:3 a.m., 20 views

postgresql:15 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.2, AI score 6.8, EPSS 0.0119
Exploits: 0
OSV
added 2026/01/04 9:3 a.m., 12 views

RLSA-2023:5269 Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455). For more details about the security...

CVSS 7.2, AI score 6.5, EPSS 0.0119
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/04 12:0 a.m., 3 views

RockyLinux 8 : postgresql:15 (RLSA-2023:5269)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5269 advisory. postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining...

CVSS 7.2, AI score 6.5, EPSS 0.0119
Exploits: 0, References: 5
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-7845

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.2; PostgreSQL versions prior to 17.8; PostgreSQL versions prior to 16.12; PostgreSQL versions prior to 15.16; PostgreSQL versions prior to 14.21. Description: A heap buffer overflow in the pgcrypto component allows a...

CVSS 9, AI score 6.9, EPSS 0.00678
Exploits: 3, References: 210
Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-7847

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 18.0 and 18.1. Description: A heap buffer overflow exists in PostgreSQL's pg_trgm component. A database user can exploit this issue with a crafted input string, potentially leading to unknown impacts, including possible...

CVSS 8.5, AI score 5.6, EPSS 0.00335
Exploits: 0, References: 49
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-7846

PostgreSQL and Affected Versions: PostgreSQL versions prior to 18.3; PostgreSQL versions prior to 17.9; PostgreSQL versions prior to 16.13; PostgreSQL versions prior to 15.17; PostgreSQL versions prior to 14.22; PostgreSQL version 9.3. Description: PostgreSQL is susceptible to a buffer overrun due to...

CVSS 9, AI score 6.5, EPSS 0.00659
Exploits: 0, References: 214
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-7844

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.2; PostgreSQL versions prior to 17.8; PostgreSQL versions prior to 16.12; PostgreSQL versions prior to 15.16; PostgreSQL versions prior to 14.21. Description: A lack of input type validation within the selectivity...

CVSS 9, AI score 6, EPSS 0.00497
Exploits: 0, References: 200
Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-26292

Name of the Vulnerable Software and Affected Versions: pgproto3 (affected versions not specified). Description: A flaw exists in pgproto3 where a malicious or compromised PostgreSQL server can send a DataRow message containing a negative field length. This input validation issue can cause a denial of...

CVSS 9.1, AI score 7, EPSS 0.00522
Exploits: 1, References: 78
IBM Security Bulletins
added 2025/12/30 4:26 p.m., 7 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to PostgreSQL

Summary: IBM Sterling Connect:Direct for Microsoft Windows has addressed multiple vulnerabilities within PostgreSQL (CVE-2025-12818 and CVE-2025-12817). Vulnerability Details: CVEID: CVE-2025-12818. DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an applicati...

CVSS 5.9, AI score 6.7, EPSS 0.00301
Exploits: 0, Affected Software: 1
OSV
added 2025/12/29 9:22 a.m., 4 views

CLSA-2025-1767000167 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checks to prevent crashes and improperly escaped data when PostgreSQL rejects invalid strings...

CVSS 7.5, AI score 5.8, EPSS 0.00953
Exploits: 0, References: 1
RedhatCVE
added 2025/12/29 6:16 a.m., 4 views

CVE-2025-14180

A flaw was found in PHP. When the PDO (PHP Data Objects) PostgreSQL driver is configured with PDO::ATTR_EMULATE_PREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

CVSS 8.2, AI score 6.4, EPSS 0.00573
Exploits: 2, References: 4
SUSE CVE
added 2025/12/28 12:30 a.m., 4 views

SUSE CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVSS 5.9, AI score 6.5, EPSS 0.00573
Exploits: 2, References: 12
OSV
added 2025/12/27 8:15 p.m., 4 views

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVSS 7.5, AI score 6.4
Exploits: 0, References: 1