13193 matches found
Security update for postgresql13 (important)
openSUSE security update: security update for postgresql13 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20449-1 Rating: important References: bsc1253332 bsc1253333 Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE :...
CVE-2026-34455
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
EUVD-2026-18007
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
CVE-2026-34455
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
CVE-2026-34455
Hi.Events is affected by an SQL injection in which multiple repository classes pass the user-supplied sort_by parameter directly to Eloquent's orderBy() without validation (affecting versions 0.8.0-beta.1 up to before 1.7.1-beta). The underlying issue is the lack of input validation for sort_by, ...
CLEANSTART-2026-JA70776 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0
Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-EQ51133 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0
Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GI40937 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0
Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...
CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724
CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...
PT-2026-29592
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application...
EUVD-2026-17664
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-29953
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...
EUVD-2026-17131
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the column.go processing in the PostgreSQL and MySQL table schema components. An attacker can tamper with the database table structure and potentially leak data by creating a malicious Table CRD with crafted column...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the column.go processing in the PostgreSQL and MySQL table schema components. An attacker can tamper with the database table structure and potentially leak data by creating a malicious Table CRD with crafted column...
SUSE-SU-2026:20986-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...
OPENSUSE-SU-2026:20449-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...