Filter
-Infinity
0

CVE-2025-1094: PostgSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

First published (updated )
Social
reddit

CVE-2025-1094: PostgSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

The RegisterCritical PostgreSQL bug tied to zero-day attack on US Treasury

First published (updated )

BleepingComputerPostgreSQL flaw exploited as zero-day in BeyondTrust breach

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

PostgreSQL CommonSQL Injection

First published (updated )

PostgreSQLPostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

First published (updated )

Versa Networks Versa DirectorThe Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is alsā€¦

First published (updated )

PostgSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

PostgreSQL CommonIncomplete tracking in PostgreSQL of tables with row security allows a reused query to view or changā€¦

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

PostgreSQL CommonIncorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database useā€¦

First published (updated )

PostgreSQL CommonIncorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or chā€¦

First published (updated )

PostgreSQL CommonPostgreSQL PL/Perl environment variable changes execute arbitrary code

8.8
First published (updated )

PostgreSQLPostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

First published (updated )

PostgreSQL CommonPostgreSQL libpq retains an error message from man-in-the-middle

3.7
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

PostgreSQL CommonPostgreSQL row security below e.g. subqueries disregards user ID changes

First published (updated )

CVE-2024-7348: PostgSQL lation placement during pg_dump executes arbitrary SQL

PostgreSQL CommonPostgreSQL relation replacement during pg_dump executes arbitrary SQL

8.8
EPSS
0.05%
First published (updated )

redhat/postgresqlPostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

EPSS
0.04%
First published (updated )

BleepingComputerOver 12 million auth secrets and keys leaked on GitHub in 2023

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Dalibo Anonymizer for PostgreSQLImproper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

8.8
First published (updated )

Dalibo Anonymizer for PostgreSQLSQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

First published (updated )

maven/org.postgresql:postgresqlpgjdbc SQL Injection via line comment generation

First published (updated )

redhat/postgresqlPostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

First published (updated )

Red Hat Enterprise Linux ServerPostgresql: role pg_signal_backend can signal certain superuser processes.

EPSS
0.12%
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Red Hat Enterprise Linux ServerPostgresql: buffer overrun from integer overflow in array modification

8.8
EPSS
1.16%
First published (updated )

Red Hat Enterprise Linux ServerPostgresql: memory disclosure in aggregate function calls

EPSS
0.18%
First published (updated )

PostgreSQL CommonAn issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeateā€¦

7.5
First published (updated )

redhat/postgresqlPostgresql: extension script @substitutions@ within quoting allow sql injection

8.8
First published (updated )

Red Hat Enterprise LinuxPostgresql: merge fails to enforce update or select row security policies

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
Ā© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203