13299 matches found

The Hacker News
added 2025/04/01 5:08 p.m. · 15 views

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a...

AI score: 8.8
Exploits: 0
Wiz blog
added 2025/03/31 3:13 p.m. · 39 views

CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims

Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads...

AI score: 7.3
Exploits: 0
RedhatCVE
added 2025/03/28 1:21 a.m. · 25 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.06196
Exploits: 2 · References: 1
Veracode
added 2025/03/27 6:56 a.m. · 5 views

Deserialization Of Untrusted Data

H2O-3 is vulnerable to Deserialization Of Untrusted Data. The vulnerability arises because user-controlled JDBC URLs are passed to DriverManager.getConnection, which can trigger deserialization of untrusted data when MySQL or PostgreSQL drivers are available in the...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.01441
Exploits: 1 · References: 4 · Affected Software: 2
SUSE CVE
added 2025/03/27 12:37 a.m. · 2 views

SUSE CVE-2002-0972

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad...

CVSS: 4.6 · AI score: 7.9 · EPSS: 0.00493
Exploits: 0 · References: 4
Tenable Nessus
added 2025/03/27 12:00 a.m. · 9 views

Photon OS 5.0: Postgresql13 PHSA-2025-5.0-0490

An update of the postgresql13 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0490. The text itself is copyright (C) VMware, Inc...

CVSS: 8.1 · AI score: 8.5 · EPSS: 0.89472
Exploits: 10 · References: 2
NVD
added 2025/03/26 8:15 p.m. · 15 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVSS: 9.8 · EPSS: 0.06196
Exploits: 2 · References: 1
OSV
added 2025/03/26 8:15 p.m. · 8 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVSS: 9.8 · AI score: 7.5
Exploits: 0 · References: 1
OSV
added 2025/03/26 5:59 p.m. · 4 views

CLSA-2025-1743011981 postgresql: Fix of CVE-2024-10979

CVE-2024-10979: fix incorrect control of environment variables in PostgreSQL PL/Perl...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.04422
Exploits: 1 · References: 1
IBM Security Bulletins
added 2025/03/26 4:11 a.m. · 59 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2024-10977. DESCRIPTION: PostgreSQL could provide weaker than expected security,...

CVSS: 9.5 · AI score: 9.7 · EPSS: 0.78198
Exploits: 18 · Affected Software: 1
IBM Security Bulletins
added 2025/03/26 2:36 a.m. · 47 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1

Summary: In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1. Vulnerability Details: CVEID: CVE-2022-21724. DESCRIPTION: PostgreSQL JDBC Driver (PgJDBC) could allow a remote authenticated attack...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.05664
Exploits: 9 · Affected Software: 1
CVE
added 2025/03/26 12:00 a.m. · 101 views

CVE-2024-55964

CVE-2024-55964 — Appsmith RCE: A misconfigured PostgreSQL instance in the Appsmith image (pre-1.52) enables remote command execution inside the Appsmith Docker container. To exploit, an attacker must access Appsmith, log in, create a datasource, craft a query against that datasource, and execute...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.06196
Exploits: 2 · References: 1 · Affected Software: 1
CNNVD
added 2025/03/26 12:00 a.m. · 3 views

Appsmith Security Vulnerability

Appsmith is an open source platform for building, deploying, and maintaining internal applications from Appsmith Open Source. A security vulnerability exists in Appsmith versions prior to 1.52 that stems from a PostgreSQL misconfiguration that could lead to remote command execution...

CVSS: 9.8 · AI score: 9 · EPSS: 0.06196
Exploits: 2 · References: 1
Cvelist
added 2025/03/26 12:00 a.m. · 15 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

EPSS: 0.06196
Exploits: 2 · References: 1
Vulnrichment
added 2025/03/26 12:00 a.m. · 11 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

AI score: 7.3 · EPSS: 0.06196
Exploits: 2 · References: 1
Photon
added 2025/03/26 12:00 a.m. · 7 views

Important Photon OS Security Update - PHSA-2025-5.0-0490

Updates of 'postgresql14', 'postgresql15', 'libxslt', 'postgresql13' packages of Photon OS have been released...

CVSS: 8.1 · AI score: 7.3 · EPSS: 0.89472
Exploits: 11
Positive Technologies
added 2025/03/26 12:00 a.m. · 6 views

PT-2025-12998

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.52. Description: An issue was discovered in Appsmith where an incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must...

CVSS: 9.8 · AI score: 7.4 · EPSS: 0.06196
Exploits: 2 · References: 11
OSV
added 2025/03/25 5:40 p.m. · 5 views

CLSA-2025-1742924432 postgresql: Fix of CVE-2025-1094

CVE-2025-1094: fix potential SQL injections allowed by an improper encoding validation in data quoting functions - enable modules test...

CVSS: 8.1 · AI score: 7.5 · EPSS: 0.89472
Exploits: 10 · References: 1
Positive Technologies
added 2025/03/25 12:00 a.m. · 4 views

PT-2025-12811 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51. Description: An issue was discovered in Appsmith where a user without admin permissions can trigger the restart API, causing a server restart. This is due to incorrect access control checks, which should check...

CVSS: 6.5 · AI score: 8.1 · EPSS: 0.25006
Exploits: 5 · References: 30
RedhatCVE
added 2025/03/22 12:08 p.m. · 9 views

CVE-2024-10553

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

CVSS: 9.8 · AI score: 7.9 · EPSS: 0.01441
Exploits: 1 · References: 1