A SQL injection vulnerability in SOGo software allows attackers to inject malicious database commands when PostgreSQL or MariaDB is used and passwords are stored in cleartext.
PostgreSQL
PostgreSQL Global Dev Group
05.06.2026
A vulnerability in SOGo (not in PostgreSQL itself) allows SQL injection attacks when PostgreSQL is used as the database, potentially enabling attackers to gain unauthorized access to data or to manipulate it.
A vulnerability in CKAN (a data management system) allows attackers to bypass authorization controls and access private data as well as PostgreSQL system information.
A vulnerability in CKAN (a data management system) allows attackers to inject malicious SQL code, enabling access to confidential data and PostgreSQL system information.
A SQL injection vulnerability in the postgrex PostgreSQL driver for Elixir allows attackers to execute arbitrary SQL commands when they can influence channel names in notification functions, potentially leading to data loss or unauthorized database access.
A vulnerability in Google Cloud AlloyDB for PostgreSQL caused database clusters created via Terraform or REST API to receive insecure default passwords, allowing attackers with network access to gain full administrative database access.
A security vulnerability in pgAdmin 4 allows authenticated users to inject malicious SQL code and thereby execute arbitrary commands on the database server.
A security vulnerability in pgAdmin 4 allows attackers to execute malicious JavaScript code in web browsers by using specially crafted names for PostgreSQL objects.
A security vulnerability in the pgx PostgreSQL driver for Go allows SQL injection attacks under specific conditions involving special string literals, enabling attackers to inject malicious database commands.
A vulnerability in PraisonAI allows SQL injection attacks through unvalidated parameters in multiple database connections, enabling attackers to manipulate databases or access sensitive data.
A SQL injection vulnerability in Rucio allows authenticated users to execute arbitrary SQL commands against the PostgreSQL database. This can lead to exposure of sensitive data, data manipulation, or even code execution.
A SQL injection vulnerability in Rucio allows authenticated users to execute arbitrary SQL commands against the Oracle database, potentially stealing or manipulating all managed data, authentication tokens, and password hashes.
SQLBot, a text-to-SQL system, passes user input unfiltered to an AI model and executes the generated SQL commands without validation. Attackers can exploit this to execute arbitrary SQL commands and, when connected to PostgreSQL, even run code on the server.
A vulnerability in the PostgreSQL JDBC driver allows malicious servers to freeze client computers through extremely CPU-intensive authentication, blocking CPU cores and exhausting connection pools.
affects: ≥42.2.0 <42.7.11
A critical security flaw in H2O-3 software allows attackers to execute arbitrary code on the server without authentication by exploiting PostgreSQL-specific parameters in the REST API.
A security vulnerability in Jellystat software allows authenticated users to inject malicious SQL code, enabling them to steal sensitive data from the database or even execute arbitrary commands on the PostgreSQL server.
A vulnerability in ElectricSQL allows authenticated users to read, modify, or destroy the entire PostgreSQL database through manipulated sorting parameters in the API.
OpenBao, a secrets management system, fails to properly quote database schema names when revoking PostgreSQL privileges, which can cause revocation failures or rarely enable SQL injection attacks.
A vulnerability in Aperi'Solve allows attackers to gain root access to the server through manipulated JPEG passwords without authentication, potentially compromising the PostgreSQL database and other system components.
A vulnerability in the Kestra orchestration platform allows authenticated users to execute arbitrary commands on the server by visiting a crafted link, since SQL injection is possible through PostgreSQL.
Hi.Events, an open-source event management platform, contains a SQL injection vulnerability in multiple repository classes that pass user input directly to the database without validation, allowing attackers to execute malicious SQL commands.
A vulnerability in PostgreSQL allows malicious servers to crash client applications by sending manipulated data messages with invalid field lengths.
A vulnerability in the n8n workflow automation platform allows authenticated users to manipulate or delete data in PostgreSQL databases through SQL injection attacks.
Parse Server, a Node.js backend application, contains a SQL injection vulnerability in PostgreSQL connections. Attackers with master key access can execute arbitrary SQL commands and escalate their privileges from application level to database level access.
A security vulnerability in SQLBot allows authenticated users to inject malicious SQL commands through manipulated Excel files, enabling them to gain complete control over the server.
A security flaw in SQLBot allows authenticated users to inject malicious content through Excel uploads and manipulate the AI system to execute dangerous PostgreSQL commands, ultimately gaining remote access to the server.
A SQL injection vulnerability in AnythingLLM allows users to execute arbitrary SQL commands on connected databases because table names are unsafely inserted into queries without proper sanitization.
Parse Server, a backend software for Node.js, contains a critical security vulnerability that allows attackers to take over any user account without authentication by sending specially crafted login requests.
Parse Server, a Node.js backend software, contains a SQL injection vulnerability when using PostgreSQL databases. Attackers with master key access can inject malicious SQL commands through crafted field names in queries, bypassing Parse Server to directly attack the database.
A security vulnerability in Parse Server allows attackers to bypass protected database field restrictions using dot-notation queries, potentially exposing sensitive data that should be protected.
A critical SQL injection vulnerability in Parse Server allows attackers to execute arbitrary SQL commands in PostgreSQL databases through crafted field names, bypassing security controls.
A SQL injection vulnerability in Parse Server allows attackers to execute arbitrary SQL commands through the REST API and thereby read all data from PostgreSQL databases.
A vulnerability in Parse Server allows SQL injection attacks against PostgreSQL databases through improper handling of dot-notation field names in sort and other query parameters, enabling attackers to inject malicious SQL commands.
PostgreSQL contains hard-coded credentials that could allow attackers with administrator access and known database passwords to steal information or execute malicious code when SOCKS proxy functionality is enabled.
A vulnerability in the Budibase low-code platform allows attackers to execute malicious commands through unsafe PostgreSQL database connection parameters, as user inputs are not properly sanitized before shell execution.
A security vulnerability in WeKnora, a document understanding framework, allows attackers to execute malicious code on the PostgreSQL database server by bypassing SQL injection protections.
A security vulnerability in the TimescaleDB extension for PostgreSQL allows malicious users to create custom functions that override built-in PostgreSQL functions, potentially enabling arbitrary code execution during extension upgrades.
Chartbrew, a web application for data visualization, contains an SQL injection vulnerability that allows unauthenticated attackers to inject arbitrary SQL commands into connected databases, potentially reading, modifying, or deleting data.
A vulnerability in Packetbeat's PostgreSQL protocol parser allows attackers to crash the Packetbeat process by sending specially crafted network packets when PostgreSQL monitoring is enabled.
A vulnerability in Apache Superset allows authenticated users with SQLLab access to bypass read-only restrictions on PostgreSQL connections and perform unauthorized data modifications or deletions.
Apache Superset had an incomplete list of blocked SQL functions for ClickHouse databases, potentially allowing attackers to execute sensitive database operations that should have been restricted.
RUCKUS Network Director appliances use identical SSH keys across all installations, allowing attackers to log in without passwords and gain complete control over the PostgreSQL database and administrative user accounts.
A vulnerability in Ruckus Network Director allows attackers to remotely access the PostgreSQL database using hardcoded credentials, enabling them to gain administrator privileges and execute arbitrary system commands.
A vulnerability in PostgreSQL allows database users to cause a buffer overflow through crafted input strings, potentially leading to privilege escalation within the database system.
affects: ≥18.0 <18.2
PostgreSQL databases have a vulnerability in multibyte character processing that allows database users to execute arbitrary code on the server through specially crafted queries.
affects: ≥14.0 <14.21; ≥15.0 <15.16; ≥16.0 <16.12; ≥17.0 <17.8; ≥18.0 <18.2
A memory corruption flaw in PostgreSQL's encryption module allows attackers to execute arbitrary code on the database server. Versions prior to the security updates listed below are affected.
affects: ≥14.0 <14.21; ≥15.0 <15.16; ≥16.0 <16.12; ≥17.0 <17.8; ≥18.0 <18.2
A vulnerability in PostgreSQL's intarray extension allows attackers to execute arbitrary code with database user privileges by exploiting unchecked inputs in a selectivity estimator function.
affects: ≥14.0 <14.21; ≥15.0 <15.16; ≥16.0 <16.12; ≥17.0 <17.8; ≥18.0 <18.2
A vulnerability in PostgreSQL allows database users to read small amounts of server memory, potentially exposing confidential information stored in that memory.
affects: ≥14.0 <14.21; ≥15.0 <15.16; ≥16.0 <16.12; ≥17.0 <17.8; ≥18.0 <18.2
A vulnerability in PostgreSQL Anonymizer allows users to gain superuser privileges by creating a temporary view with malicious code, enabling them to execute arbitrary code with the highest privileges.
A vulnerability in the PostgreSQL Anonymizer extension allows regular users to gain superuser privileges by creating malicious operators, which is particularly problematic in PostgreSQL 14 and older versions.