13238 matches found
ROOT-OS-DEBIAN-12-CVE-2025-12818 CVE-2025-12818 in rootio-postgresql-15 - Patched by Root
Root has patched CVE-2025-12818 in the rootio-postgresql-15 package for Root:Debian:12. Multiple fixed versions available...
postgresql security update
12.22-5.0.1 - Add backport of CVE-2025-8714 Orabug: 38667546; 12.22-5 - Fix previous Backport; 12.22-4 - Backport CVE-2025-8715; 12.22-3 - Fix backport for CVE-2025-1094; 12.22-2 - Backport fix for CVE-2025-1094; 12.22-1 - Update to 12.22 - Fixes: CVE-2024-10976 CVE-2024-10978; 12.20-1 - Update to 12.2...
OPENSUSE-SU-2025:15783-1 postgresql14-14.20-1.1 on GA media
These are all security issues fixed in the postgresql14-14.20-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15786-1 postgresql17-17.7-1.1 on GA media
These are all security issues fixed in the postgresql17-17.7-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15784-1 postgresql15-15.15-1.1 on GA media
These are all security issues fixed in the postgresql15-15.15-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15785-1 postgresql16-16.11-1.1 on GA media
These are all security issues fixed in the postgresql16-16.11-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15782-1 postgresql13-13.23-1.1 on GA media
These are all security issues fixed in the postgresql13-13.23-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-66260
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...
CVE-2025-66260
The CVE-2025-66260 entry concerns the DB Electronica Mozart FM Transmitter product line (versions 30–7000). The root cause is SQL injection in status_sql.php: the endpoint constructs UPDATE statements by directly concatenating user-supplied sw1 and sw2 parameters instead of using parameterized qu...
CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...
EUVD-2025-199673
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...
PT-2025-48114
Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. Description: The software is susceptible to a SQL injection issue through the status_sql.php endpoint. The endpoint...
ROOT-OS-DEBIAN-13-CVE-2025-12818 CVE-2025-12818 in rootio-postgresql-17 - Patched by Root
Root has patched CVE-2025-12818 in the rootio-postgresql-17 package for Root:Debian:13. Multiple fixed versions available...
webVuln-scanner
WebVuln Scanner An advanced web vulnerability scanner with cu...
Malicious code in @trigo/atrix-postgres (npm)
Source: amazon-inspector 5e14a54095c9b7bc146d414230ec3c364d9dfb381dd4554ec3003ac116e69824 The package @trigo/atrix-postgres was found to contain malicious code. Source: ghsa-malware...
BIT-POSTGRESQL-2025-12818 PostgreSQL libpq undersizes allocations, via integer wraparound
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions...
BIT-POSTGRESQL-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...
GHSA-G6XH-WRPF-V6J6 phppgadmin contains a SQL injection vulnerability
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...