
13299 matches found

Rosalinux
• added 2025/04/11 9:55 p.m. • 9 views

Advisory ROSA-SA-2025-2829

Software: postgresql-jdbc 42.2.28 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-jdbc-42.2.28-1.0.1.rv30 CVE-ID: CVE-2024-1597 BDU-ID: 2024-01541 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the JDBC driver pgjdbc for connecting Java programs to a PostgreSQL database is related to...

10 CVSS, 8.3 AI score, 0.0481 EPSS
Exploits: 0

Rosalinux
• added 2025/04/11 9:55 p.m. • 15 views

Advisory ROSA-SA-2025-2827

Software: postgresql 13.20 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-13.20-1.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is related to a...

8.8 CVSS, 9.2 AI score, 0.89472 EPSS
Exploits: 11

Rosalinux
• added 2025/04/11 9:55 p.m. • 7 views

Advisory ROSA-SA-2025-2828

Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...

8.8 CVSS, 9.2 AI score, 0.89472 EPSS
Exploits: 11

Rosalinux
• added 2025/04/11 9:22 p.m. • 18 views

Advisory ROSA-SA-2025-2787

Software: postgresql15 15.12 OS: rosa-server79 packageevrstring: postgresql15-15.12-1PGDG.res7 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer du...

8.8 CVSS, 9.4 AI score, 0.89472 EPSS
Exploits: 11

Rosalinux
• added 2025/04/11 9:22 p.m. • 9 views

Advisory ROSA-SA-2025-2788

Software: postgresql 9.2.24 OS: rosa-server79 packageevrstring: postgresql-9.2.24-9.0.4.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions of the PostgreSQL database management system is related...

8.8 CVSS, 9.2 AI score, 0.04422 EPSS
Exploits: 1

IBM Security Bulletins
• added 2025/04/11 4:51 p.m. • 18 views

Security Bulletin: IBM Sterling Connect:Direct Web Services 6.1 is affected by PostgreSQL vulnerability.

Summary IBM Connect:Direct Web Services uses PostgreSQL and is vulnerable to CVE-2025-1094. Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn...

8.1 CVSS, 7.9 AI score, 0.89472 EPSS
Exploits: 10, Affected Software: 1

Packet Storm
• added 2025/04/11 12:0 a.m. • 309 views

PgAdmin Query Tool Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...

9.9 CVSS, 9.6 AI score, 0.39067 EPSS
Exploits: 7

Metasploit
• added 2025/04/07 6:50 p.m. • 890 views

Appsmith RCE

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...

9.8 CVSS, 7.4 AI score, 0.25006 EPSS
Exploits: 5

F5 Networks
• added 2025/04/07 6:6 p.m. • 4 views

K000150746: PostgreSQL vulnerabilities CVE-2021-32028 and CVE-2021-32029

Security Advisory Description CVE-2021-32028 A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data...

6.5 CVSS, 6.7 AI score, 0.01449 EPSS
Exploits: 0

F5 Networks
• added 2025/04/07 5:51 p.m. • 8 views

K000150744: PostgreSQL vulnerability CVE-2025-1094

Security Advisory Description Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requir...

8.1 CVSS, 8.5 AI score, 0.89472 EPSS
Exploits: 10

Packet Storm
• added 2025/04/07 12:0 a.m. • 399 views

Appsmith Remote Code Execution

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

9.8 CVSS, 7.4 AI score, 0.25006 EPSS
Exploits: 5

RedhatCVE
• added 2025/04/06 3:30 p.m. • 6 views

CVE-2025-31480

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1 CVSS, 7.1 AI score, 0.00427 EPSS
Exploits: 0, References: 1

NVD
• added 2025/04/04 3:15 p.m. • 3 views

CVE-2025-31480

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1 CVSS, 0.00427 EPSS
Exploits: 0, References: 2

OSV
• added 2025/04/04 2:49 p.m. • 9 views

CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1 CVSS, 7 AI score, 0.00427 EPSS
Exploits: 0, References: 4

Vulnrichment
• added 2025/04/04 2:49 p.m. • 10 views

CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1 CVSS, 7.4 AI score, 0.00427 EPSS
Exploits: 0, References: 2

Cvelist
• added 2025/04/04 2:49 p.m. • 10 views

CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1 CVSS, 0.00427 EPSS
Exploits: 0, References: 2

CVE
• added 2025/04/04 2:49 p.m. • 70 views

CVE-2025-31480

The CVE-2025-31480 affects the aiven-extras PostgreSQL extension. The root cause is the format function not being schema-prefixed, enabling privilege escalation to superuser in PostgreSQL databases that have aiven-extras installed. Remediation per the sources is to upgrade to version 1.1.16 and, ...

9.1 CVSS, 9.4 AI score, 0.00427 EPSS
Exploits: 0, References: 2

Packet Storm
• added 2025/04/04 12:0 a.m. • 252 views

AppSmith 1.47 Remote Code Execution

AppSmith version 1.4.7 suffers from a remote code execution vulnerability. Exploit Title: AppSmith 1.47 - Remote Code Execution RCE Original Author: Rhino Security Labs Exploit Author: Nishanth Anand Exploit Date: April 2, 2025 Vendor Homepage: https://www.appsmith.com/ Software Link:...

6.5 CVSS, 7.9 AI score, 0.25006 EPSS
Exploits: 5

Positive Technologies
• added 2025/04/04 12:0 a.m. • 5 views

PT-2025-14903 · Aiven · Aiven-Extras

Name of the Vulnerable Software and Affected Versions: aiven-extras versions prior to 1.1.16 Description: This issue is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases using the aiven-extras package. It leverages the format function not being...

9.1 CVSS, 6.6 AI score, 0.00427 EPSS
Exploits: 0, References: 6

OSV
• added 2025/04/02 7:6 a.m. • 8 views

BIT-APPSMITH-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

9.8 CVSS, 7.5 AI score, 0.06196 EPSS
Exploits: 2, References: 2