13238 matches found

CVE
added 2025/11/03 12:0 a.m., 14 views

CVE-2025-60785

The incident affects iceScrum v7.54 Pro On-prem, specifically the Postgres Drivers component. A remote code execution (RCE) vulnerability exists that allows an attacker to run arbitrary code by presenting a crafted HTML page. The publicly documented impact is high (CVE-2025-60785) with the abilit...

8.8 CVSS, 8.1 AI score, 0.00615 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2025/11/03 12:0 a.m., 7 views

CVE-2025-60785

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page...

0.00615 EPSS
Exploits 1, References 1
AstraLinux
added 2025/11/01 10:54 a.m., 0 views

Astra Linux – Vulnerability in PostgreSQL-15

The vulnerability of the SECURITY DEFINER function in a relational database management system like PostgreSQL is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

7.8 CVSS, 5.5 AI score
Exploits 0, References 2
AstraLinux
added 2025/11/01 10:54 a.m., 2 views

Astra Linux – Vulnerability in PostgreSQL-15

PostgreSQL optimizer statistics enable users to read sampled data within views that the user cannot access. Additionally, statistics allow users to access sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; th...

3.1 CVSS, 6.5 AI score, 0.00205 EPSS
Exploits 0, References 3
AstraLinux
added 2025/11/01 10:54 a.m., 2 views

Astra Linux – Vulnerability in PostgreSQL-15

Improper handling of newline characters in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during the restore process, through the client operating system account running psql. This occurs via psql meta-commands within a purpose-crafted object name...

8.8 CVSS, 7.1 AI score, 0.00385 EPSS
Exploits 0, References 3
AstraLinux
added 2025/11/01 10:54 a.m., 4 views

Astra Linux – Vulnerability in PostgreSQL-15

Inclusion of untrusted data in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for execution during the restore process, as the client operating system account running psql restores the dump using psql meta-commands. pg_dumpall is also affected...

8.8 CVSS, 7.2 AI score, 0.00709 EPSS
Exploits 1, References 3
AstraLinux
added 2025/11/01 10:54 a.m., 6 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* pgsql and pdo_pgsql versions, the escaping functions do not check whether the underlying quoting functions return errors. This could lead to crashes if the Postgres server rejects the string as invalid...

7.5 CVSS, 7.6 AI score, 0.00953 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2025/10/31 6:37 p.m., 20 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql

Summary: IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql; please see below. Postgresql is used in our speech utilities. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability Details: CVEID: CVE-2023-39417 DESCRIPTION: I...

8.8 CVSS, 8.3 AI score, 0.89472 EPSS
Exploits 11, Affected Software 1
IBM Security Bulletins
added 2025/10/31 2:34 p.m., 5 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities.

Summary: There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by...

8.2 CVSS, 7.5 AI score, 0.00556 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2025/10/29 10:29 a.m., 11 views

Security Bulletin: for Multiple CVEs: CVE-2024-10976, CVE-2025-4207, CVE-2023-5870 and CVE-2025-1094

Summary: Security Bulletin for Multiple CVEs. Refer below Vulnerability details for more details. Vulnerability Details: CVEID: CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended...

8.1 CVSS, 7.2 AI score, 0.89472 EPSS
Exploits 10, Affected Software 2
IBM Security Bulletins
added 2025/10/29 10:24 a.m., 6 views

Security Bulletin: CVE-2023-39417 - Extension script @substitutions@ within quoting allow SQL injection

Summary: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker...

8.8 CVSS, 8.3 AI score, 0.01572 EPSS
Exploits 0, Affected Software 1
Veracode
added 2025/10/29 10:1 a.m., 5 views

Improper Access Control

@executeautomation/database-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of the “read-only” mode in the npm distribution, which allows an attacker to perform unauthorized operations on connected databases such as PostgreSQL...

8.1 CVSS, 6.9 AI score, 0.00363 EPSS
Exploits 1, References 1, Affected Software 1
Rosalinux
added 2025/10/27 6:19 a.m., 6 views

Advisory ROSA-SA-2025-3036

Software: postgresql13 13.21 OS: rosa-server79 unaffected versions = postgresql13-13.21-1PGDG.res7 affected versions postgresql13-13.21-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions o...

8.8 CVSS, 8.9 AI score, 0.89472 EPSS
Exploits 11
Rosalinux
added 2025/10/27 6:19 a.m., 4 views

Advisory ROSA-SA-2025-3038

Software: postgresql15 15.14 OS: rosa-server79 unaffected versions = postgresql15-15.14-1PGDG.res7 affected versions postgresql15-15.14-1PGDG.res7 CVE-ID: CVE-2017-7484 BDU-ID: 2019-03334 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to a lack o...

8.8 CVSS, 8.4 AI score, 0.0256 EPSS
Exploits 1
Rosalinux
added 2025/10/27 6:19 a.m., 7 views

Advisory ROSA-SA-2025-3037

Software: postgresql14 14.18 OS: rosa-server79 unaffected versions = postgresql14-14.18-1PGDG.res7 affected versions postgresql14-14.18-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, and arraysubscripthandler functio...

8.8 CVSS, 8.9 AI score, 0.89472 EPSS
Exploits 11
CNNVD
added 2025/10/27 12:0 a.m., 4 views

pg8000 Security Vulnerability

pg8000 is a PostgreSQL database driver by individual developer tlocke. A security vulnerability exists in pg8000 version 1.31.4, which stems from not properly handling Python list input and could lead to an SQL injection attack...

9.6 CVSS, 7.4 AI score, 0.00293 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/10/22 12:0 a.m., 5 views

TencentOS Server 2: postgresql (TSSA-2025:0806)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0806 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

8.8 CVSS, 7.5 AI score, 0.00709 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/10/22 12:0 a.m., 5 views

TencentOS Server 3: postgresql:12 (TSSA-2025:0817)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0817 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS, 7.7 AI score, 0.0257 EPSS
Exploits 2, References 3
GithubExploit
added 2025/10/19 6:8 p.m., 303 views

Exploit for CVE-2025-1094

🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...

8.1 CVSS, 8.6 AI score, 0.89472 EPSS
Exploits 10
RedhatCVE
added 2025/10/16 8:33 a.m., 3 views

CVE-2025-11177

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS, 6.9 AI score, 0.00377 EPSS
Exploits 0, References 1