6 matches found
CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
EUVD-2025-24809
Malicious code in bioql PyPI...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.22: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code in...
openSUSE 15: postgresql13 / postgresql13-contrib / postgresql13-devel / etc (SUSE-SU-2025:02842-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02842-1 advisory. Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.22: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code in...
CVE-2025-8715 PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...