
13255 matches found

Redos
added 2025/09/23 12:0 a.m., 3 views

ROS-20250923-14

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 4 views

ROS-20250923-11

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 3 views

ROS-20250923-12

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 4 views

ROS-20250923-13

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 2 views

ROS-20250923-09

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 3 views

ROS-20250923-10

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 2 views

ROS-20250923-08

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
Redos
added 2025/09/23 12:0 a.m., 3 views

ROS-20250923-07

A vulnerability in the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1
RedHat Linux
added 2025/09/22 11:39 p.m., 5 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.5 release and security update

Red Hat AMQ Broker 7.12.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.8 | AI score 7 | EPSS 0.01495
Exploits: 1 | References: 6
Gitee
added 2025/09/21 10:50 p.m., 88 views

geminabox

It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...

AI score 7.2
Exploits: 0
IBM Security Bulletins
added 2025/09/20 11:33 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar. Vulnerability Details: CVEID: CVE-2025-49146. DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...

CVSS 8.2 | AI score 6.5 | EPSS 0.00461
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2025/09/19 11:22 p.m., 2 views

SUSE CVE-2025-58450

pREST (PostgreSQL REST) is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...

CVSS 9.3 | AI score 7.9 | EPSS 0.00341
Exploits: 0 | References: 2
OSV
added 2025/09/19 2:49 p.m., 3 views

CLSA-2025-1758293394 postgresql: Fix of 2 CVEs

- CVE-2025-8714: prevent execution of unsafe meta-commands in plain-text dumps pg_dump/pg_restore/pg_dumpall, psql restricted mode
- CVE-2025-8715: sanitize newlines in object names to avoid unsafe SQL comments in dumps...

CVSS 8.8 | AI score 6 | EPSS 0.00709
Exploits: 1 | References: 1
IBM Security Bulletins
added 2025/09/18 2:54 p.m., 4 views

Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS, affects watsonx.data

Summary: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...

CVSS 5.9 | AI score 5.9 | EPSS 0.00612
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/09/18 2:24 p.m., 4 views

CVE-2025-59333

The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...

CVSS 8.1 | AI score 6.7 | EPSS 0.00363
Exploits: 1 | References: 1
OSV
added 2025/09/18 10:5 a.m., 3 views

RHSA-2025:16099 Red Hat Security Advisory: postgresql security update

Bulletin has no description...

CVSS 8.8 | AI score 7 | EPSS 0.00709
Exploits: 1 | References: 8
RedHat Linux
added 2025/09/17 3:33 p.m., 4 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

CVSS 8.8 | AI score 7.8 | EPSS 0.00709
Exploits: 1 | References: 5
RedHat Linux
added 2025/09/17 3:33 p.m., 11 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8 | AI score 7.7 | EPSS 0.00709
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/17 12:0 a.m., 3 views

RHEL 7 : postgresql (RHSA-2025:16099)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16099 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL code execution in restore...

CVSS 8.8 | AI score 8.2 | EPSS 0.00709
Exploits: 1 | References: 4
OSV
added 2025/09/16 7:31 p.m., 1 views

GHSA-65HM-PWJ5-73PW @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode

The MCP Server provided by ExecuteAutomation at https://github.com/executeautomation/mcp-database-server provides an MCP interface for agentic workflows to interact with different kinds of database servers such as PostgreSQL database. However, the mcp-database-server MCP Server distributed via th...

CVSS 8.1 | AI score 7.6 | EPSS 0.00363
Exploits: 1 | References: 3