OESA-2025-1698 postgresql security update
PostgreSQL is an advanced object-relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
SUSE SLES15 Security Update : postgresql15 (SUSE-SU-2025:01748-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01748-2 advisory. Upgrade to 15.13: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fail...
Amazon Linux 2 : postgresql (ALAS-2025-2902)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2902 advisory. Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of...
Medium: postgresql
Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...
Exploit for CVE-2025-1094
CVE-2025-1094 SQL Injection to RCE via WebSocket 🔥 ✔️ Descr...
CVE-2025-52467
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...
A vulnerability in the PgBouncer connection pooler for PostgreSQL, caused by flaws in its authentication process, allows an attacker to gain unauthorized access to the application.
The vulnerability in the PgBouncer connection pooler for PostgreSQL stems from deficiencies in its authentication process. Exploiting it allows a malicious actor to gain unauthorized access to the application...
Oracle Linux 7 : postgresql (ELSA-2025-3978)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3978 advisory. - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain... Tenable has extracted the preceding description block directly from the Oracle...
CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...
Xata Agent path traversal vulnerability
Xata Agent is an open-source AI agent from Xata that specializes in PostgreSQL. A path traversal vulnerability exists in Xata Agent 0.3.0 and earlier versions, caused by unsafe handling of a parameter passed to the file apps/dbagent/src/app/api/evals/route.ts...
ROS-20250619-05
A vulnerability in the PgBouncer connection pooler for PostgreSQL allows a password to be used after it expires, because auth_query does not take PostgreSQL's VALID UNTIL value into account. Exploitation of the vulnerability allows a remote attacker to gain...
Exploit for CVE-2025-1094
I have written this exploit with reference to the PoC available...
postgresql security update
9.2.24-9.0.5: Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain libpq functions. Orabug: 37843176...
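The CVE-2025-1094 entries above describe the defect only as "improper neutralization of quoting syntax" in libpq's escaping functions. The following is an added illustration of that bug class, not PostgreSQL's or libpq's code: an escaper that doubles single quotes but, after a multibyte lead byte, copies the next byte as a trail byte without validating it. A lead byte placed immediately before a quote hides the quote from the escaper, so it is never doubled and terminates the literal early. The hardened variant validates the encoding first and refuses invalid input. The double-byte layout (lead 0x81..0xFE, trail 0x40..0xFE) and the helper names are assumptions chosen for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed double-byte layout for illustration only: lead 0x81..0xFE,
 * trail 0x40..0xFE. A single quote (0x27) is never a valid trail byte. */
static int dbcs_lead(unsigned char b)  { return b >= 0x81 && b <= 0xFE; }
static int dbcs_trail(unsigned char b) { return b >= 0x40 && b <= 0xFE; }

/*
 * Vulnerable shape: every quote is doubled, but the byte following a lead
 * byte is copied verbatim as a "trail byte" with no validation. Input such
 * as 0x81 0x27 makes the quote vanish into a bogus two-byte character.
 * Writes 'literal' into out (caller provides 2*len+2 bytes), returns length.
 */
size_t escape_literal_unchecked(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t o = 0, i = 0;
    out[o++] = '\'';
    while (i < len) {
        unsigned char b = in[i];
        if (dbcs_lead(b) && i + 1 < len) {
            out[o++] = in[i];
            out[o++] = in[i + 1];        /* trail byte copied unchecked */
            i += 2;
            continue;
        }
        if (b == '\'') out[o++] = '\'';  /* double the quote */
        out[o++] = b;
        i++;
    }
    out[o++] = '\'';
    return o;
}

/*
 * Hardened shape: validate the encoding first and reject (return 0) on any
 * invalid sequence; only then is skipping a trail byte safe.
 */
size_t escape_literal_checked(const unsigned char *in, size_t len, unsigned char *out)
{
    for (size_t i = 0; i < len; ) {
        if (in[i] < 0x80) { i++; continue; }
        if (!dbcs_lead(in[i]) || i + 1 >= len || !dbcs_trail(in[i + 1])) return 0;
        i += 2;
    }
    size_t o = 0;
    out[o++] = '\'';
    for (size_t i = 0; i < len; ) {
        if (dbcs_lead(in[i])) { out[o++] = in[i]; out[o++] = in[i + 1]; i += 2; continue; }
        if (in[i] == '\'') out[o++] = '\'';
        out[o++] = in[i++];
    }
    out[o++] = '\'';
    return o;
}

/* Count quotes strictly inside the literal that are not part of a doubled
 * pair; any such quote ends the literal early when the server parses it. */
size_t unescaped_quotes_inside(const unsigned char *lit, size_t n)
{
    size_t count = 0;
    for (size_t i = 1; i + 1 < n; ) {
        if (lit[i] == '\'') {
            if (i + 2 < n && lit[i + 1] == '\'') { i += 2; continue; }  /* properly doubled */
            count++;
        }
        i++;
    }
    return count;
}

/* Wrappers for exercising both escapers on a C string (inputs are short). */
size_t lone_quotes_unchecked(const char *s)
{
    unsigned char out[256];
    size_t n = escape_literal_unchecked((const unsigned char *)s, strlen(s), out);
    return unescaped_quotes_inside(out, n);
}
size_t escaped_len_checked(const char *s)
{
    unsigned char out[256];
    return escape_literal_checked((const unsigned char *)s, strlen(s), out);
}

int main(void)
{
    /* Constructed attacker input: lead byte directly before the quote. */
    const char *attack = "\x81' OR 1=1 --";
    printf("unchecked escaper leaves %zu live quote(s) inside the literal\n",
           lone_quotes_unchecked(attack));
    printf("checked escaper returns %zu (0 = rejected as invalid encoding)\n",
           escaped_len_checked(attack));
    return 0;
}
```

The point of the second pass in the hardened variant is that escaping and encoding validation are inseparable: an escaper can only skip bytes it has proven belong to a complete, valid character, and anything else must be rejected rather than guessed at.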
pgai information disclosure vulnerability
pgai is a set of tools open-sourced by Timescale to make it easier to develop RAG, semantic search, and other AI applications using PostgreSQL. An information disclosure vulnerability exists in pgai which allows an attacker to steal all secrets used in a workflow...
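The pgai entries above name the trigger, `pull_request_target`, but not the shape of the misconfiguration. The following is an added illustration of the pattern, not pgai's actual workflow: a job triggered by `pull_request_target` runs with the base repository's secrets and a write-capable `GITHUB_TOKEN`, yet checks out and executes the untrusted pull request head, so a malicious PR can rewrite the test script to read and exfiltrate every secret the job can see. The corrected workflow runs PR code under plain `pull_request` with read-only permissions and no secrets. The workflow names, script path and `API_KEY` secret are assumptions.

```yaml
# Weak workflow (illustrative, not pgai's): secrets + untrusted code in one job.
name: ci-weak
on:
  pull_request_target:          # runs in the BASE repo context with its secrets
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # checks out the PR's code
      - run: ./scripts/run-tests.sh                        # PR author controls this file
        env:
          API_KEY: ${{ secrets.API_KEY }}                   # exposed to attacker code
---
# Corrected workflow: untrusted code runs with no secrets and a read-only token.
name: ci-fixed
on:
  pull_request:                 # fork PRs get no secrets here by default
permissions:
  contents: read                # least privilege for the job token
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # default ref is the PR merge commit; fine without secrets
      - run: ./scripts/run-tests.sh
```

If some step genuinely needs a secret or write access (labelling, commenting), keep it in a separate `pull_request_target` job that never checks out or executes anything from the PR head.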
CVE-2025-21085
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization...
Astra Linux – Vulnerability in PostgreSQL-15
Buffer over-read in PostgreSQL's GB18030 encoding validation allows a database input provider to cause temporary denial of service on platforms where a 1-byte over-read can lead to process termination. This affects both the database server and libpq. Versions prior to PostgreSQL 17.5,...
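The GB18030 entries on this page (the SUSE, Amazon Linux, Rocky and Astra Linux advisories for CVE-2025-4207) all describe a validator that "can read one byte past end of allocation for text that fails validation". The following is an added illustration of that bug class, not PostgreSQL's code: a GB18030 sequence checker that inspects trail bytes before confirming they lie inside the buffer, next to a hardened version that checks the remaining length first. An instrumented accessor counts out-of-bounds reads instead of performing them, so the demo itself is memory-safe; function names and the instrumentation are assumptions for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Byte ranges follow the GB18030 layout:
 *   1 byte : 0x00-0x7F
 *   2 bytes: lead 0x81-0xFE, trail 0x40-0x7E or 0x80-0xFE
 *   4 bytes: lead 0x81-0xFE, 0x30-0x39, 0x81-0xFE, 0x30-0x39
 */
static int is_lead(unsigned char b)       { return b >= 0x81 && b <= 0xFE; }
static int is_trail(unsigned char b)      { return (b >= 0x40 && b <= 0x7E) || (b >= 0x80 && b <= 0xFE); }
static int is_digit_byte(unsigned char b) { return b >= 0x30 && b <= 0x39; }

/* Instrumented read: an index at or past len is counted, not dereferenced. */
static unsigned char peek(const unsigned char *s, size_t len, size_t i, size_t *overreads)
{
    if (i >= len) { (*overreads)++; return 0; }
    return s[i];
}

/*
 * Vulnerable shape: the second byte is examined to choose between the 2-
 * and 4-byte forms BEFORE the remaining length is checked, so input that
 * ends in a lead byte reads s[len]. Returns bytes validated, 0 on failure;
 * *overreads receives the number of out-of-bounds reads.
 */
size_t gb18030_verify_unchecked(const unsigned char *s, size_t len, size_t *overreads)
{
    size_t i = 0;
    *overreads = 0;
    while (i < len) {
        unsigned char b1 = s[i];
        if (b1 < 0x80) { i++; continue; }
        if (!is_lead(b1)) return 0;
        unsigned char b2 = peek(s, len, i + 1, overreads);   /* may be s[len] */
        if (is_digit_byte(b2)) {
            unsigned char b3 = peek(s, len, i + 2, overreads);
            unsigned char b4 = peek(s, len, i + 3, overreads);
            if (!is_lead(b3) || !is_digit_byte(b4)) return 0;
            if (i + 4 > len) return 0;        /* length check arrives too late */
            i += 4;
        } else {
            if (!is_trail(b2)) return 0;
            if (i + 2 > len) return 0;
            i += 2;
        }
    }
    return i;
}

/* Hardened shape: remaining length is checked before any trail byte is read. */
size_t gb18030_verify_checked(const unsigned char *s, size_t len, size_t *overreads)
{
    size_t i = 0;
    *overreads = 0;
    while (i < len) {
        unsigned char b1 = s[i];
        if (b1 < 0x80) { i++; continue; }
        if (!is_lead(b1)) return 0;
        if (len - i < 2) return 0;            /* truncated: reject without touching s[i+1] */
        unsigned char b2 = peek(s, len, i + 1, overreads);
        if (is_digit_byte(b2)) {
            if (len - i < 4) return 0;        /* truncated 4-byte form */
            unsigned char b3 = peek(s, len, i + 2, overreads);
            unsigned char b4 = peek(s, len, i + 3, overreads);
            if (!is_lead(b3) || !is_digit_byte(b4)) return 0;
            i += 4;
        } else {
            if (!is_trail(b2)) return 0;
            i += 2;
        }
    }
    return i;
}

/* Wrappers exposing the over-read count and the validated length. */
size_t overreads_unchecked(const char *s, size_t len) { size_t o; gb18030_verify_unchecked((const unsigned char *)s, len, &o); return o; }
size_t overreads_checked(const char *s, size_t len)   { size_t o; gb18030_verify_checked((const unsigned char *)s, len, &o); return o; }
size_t validated_unchecked(const char *s, size_t len) { size_t o; return gb18030_verify_unchecked((const unsigned char *)s, len, &o); }
size_t validated_checked(const char *s, size_t len)   { size_t o; return gb18030_verify_checked((const unsigned char *)s, len, &o); }

int main(void)
{
    /* Constructed inputs: a lone lead byte, and a 4-byte form cut after 2 bytes. */
    printf("lone lead byte:   unchecked over-reads %zu, checked %zu\n",
           overreads_unchecked("\x81", 1), overreads_checked("\x81", 1));
    printf("truncated 4-byte: unchecked over-reads %zu, checked %zu\n",
           overreads_unchecked("\x81\x30", 2), overreads_checked("\x81\x30", 2));
    return 0;
}
```

Both versions reject the same malformed inputs; the difference is only whether the rejection happens before or after the out-of-bounds read, which is exactly what turns a validation failure into a crash on platforms where the byte past the allocation is unmapped.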
TencentOS Server 3: postgresql:10 (TSSA-2023:0199)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0199 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: postgresql:15 (TSSA-2024:0774)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0774 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...