13238 matches found

Tenable Nessus
added 2025/10/16 12:0 a.m. | 3 views

TencentOS Server 3: postgresql:15 (TSSA-2025:0779)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0779 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS | 7.7 AI score | 0.0257 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2025/10/16 12:0 a.m. | 5 views

TencentOS Server 3: postgresql:16 (TSSA-2025:0781)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0781 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS | 7.7 AI score | 0.0257 EPSS
Exploits: 2 | References: 4

NVD
added 2025/10/15 9:15 a.m. | 8 views

CVE-2025-11177

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS | 0.00377 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/15 8:25 a.m. | 3 views

EUVD-2025-34559

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS | 6.5 AI score | 0.00377 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/15 8:25 a.m. | 6 views

CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS | 6.5 AI score | 0.00377 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/15 8:25 a.m. | 8 views

CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS | 0.00377 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/15 12:0 a.m. | 7 views

Amazon Linux 2 : postgresql, --advisory ALAS2-2025-3035 (ALAS-2025-3035)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3035 advisory. Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for...

8.8 CVSS | 7.5 AI score | 0.00709 EPSS
Exploits: 1 | References: 4

Amazon
added 2025/10/14 12:0 a.m. | 4 views

Medium: postgresql

Issue Overview: Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected...

8.8 CVSS | 7.5 AI score | 0.00709 EPSS
Exploits: 1

Tenable Nessus
added 2025/10/14 12:0 a.m. | 5 views

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2025:03019-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03019-2 advisory. Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc124812...

8.8 CVSS | 8.3 AI score | 0.00709 EPSS
Exploits: 1 | References: 10

SUSE Linux
added 2025/10/13 2:33 p.m. | 7 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.19: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. CVE-2025-8714: untrusted data inclusion in pg_dump lets superuser of origin server execute arbitrary code in...

8.8 CVSS | 7.8 AI score | 0.00709 EPSS
Exploits: 1 | References: 12

Kaspersky
added 2025/10/13 12:0 a.m. | 4 views

KLA90145 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Missing authorization vulnerability in PostgreSQL CREATE STATISTICS command can be exploited to cause denial of service...

5.9 CVSS | 6.7 AI score | 0.00301 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2025/10/12 12:56 p.m. | 245 views

Exploit for CVE-2024-27304

CVE-2024-27304-PoC references - DEF CON 32 - SQL Injectio...

9.8 CVSS | 8.6 AI score | 0.01109 EPSS
Exploits: 1

Rockylinux
added 2025/10/10 5:50 a.m. | 5 views

postgresql security update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database management system DBM...

8.8 CVSS | 7.8 AI score | 0.00709 EPSS
Exploits: 1

OSV
added 2025/10/10 5:50 a.m. | 3 views

RLSA-2025:14878 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-8714 For more details about the security issues,...

8.8 CVSS | 7.8 AI score | 0.00709 EPSS
Exploits: 1 | References: 3

Fedora
added 2025/10/10 12:51 a.m. | 6 views

[SECURITY] Fedora 42 Update: pgadmin4-9.8-2.fc42

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

7.9 CVSS | 7 AI score | 0.00213 EPSS
Exploits: 0

Tenable Nessus
added 2025/10/10 12:0 a.m. | 7 views

RockyLinux 9 : postgresql (RLSA-2025:14878)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14878 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-87...

8.8 CVSS | 8.5 AI score | 0.00709 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2025/10/09 12:0 a.m. | 7 views

AlmaLinux 10 : postgresql16 (ALSA-2025:14826)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14826 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-87...

8.8 CVSS | 8.5 AI score | 0.00709 EPSS
Exploits: 1 | References: 4

IBM Security Bulletins
added 2025/10/07 7:14 a.m. | 6 views

Security Bulletin: IBM Connect:Direct Web Services is affected by a PostgreSQL vulnerability (CVE-2025-49146)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to requir...

8.2 CVSS | 6.7 AI score | 0.00457 EPSS
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-6564

Malware in sbrugna...

7.2 CVSS | 6.7 AI score | 0.00541 EPSS
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 14 views

EUVD-2021-19916

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.022 EPSS
Exploits: 0 | References: 4