Skip to main content

PostgreSQL

413 CVEs product

Monthly

CVE-2025-8713 LOW Monitor

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-1735 MEDIUM PATCH This Month

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

PHP PostgreSQL SQLi Debian Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1709 MEDIUM This Month

CVE-2025-1709 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure PostgreSQL Meac300 Fnade4 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1708 HIGH This Week

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.

PostgreSQL SQLi Meac300 Fnade4 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-53006 CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Information Disclosure PostgreSQL Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53005 CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Authentication Bypass PostgreSQL Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-24288 CRITICAL Act Now

Critical authentication bypass vulnerability in Versa Director that exposes multiple services (SSH, PostgreSQL, and others) with default credentials on internet-facing deployments. The vulnerability affects Versa Director installations where default passwords remain unchanged, allowing unauthenticated remote attackers to gain complete system compromise (confidentiality, integrity, and availability impact). While no confirmed exploitation has been reported, proof-of-concept code has been publicly disclosed by security researchers, and the CVSS 9.8 score reflects the severity of unrestricted remote access with default credentials.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-21085 LOW PATCH Monitor

A security vulnerability in PingFederate OAuth2 grant duplication in PostgreSQL persistent storage (CVSS 2.1) that allows oauth2 requests. Remediation should follow standard vulnerability management procedures.

PostgreSQL Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-49146 Maven HIGH PATCH This Week

The PostgreSQL JDBC driver (pgjdbc) versions 42.7.4 through 42.7.6 contain an authentication bypass vulnerability where channel binding validation is incorrectly disabled, allowing man-in-the-middle attackers to intercept connections that administrators configured to require channel binding protection. Affected users running pgjdbc with channel binding set to 'required' (a non-default but security-conscious configuration) are vulnerable to credential interception and session hijacking despite believing their connections are protected. The vulnerability is fixed in version 42.7.7.

PostgreSQL Authentication Bypass Java Postgresql Jdbc Driver Red Hat +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-5690 MEDIUM PATCH This Month

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

PostgreSQL Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22248 CRITICAL This Week

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Kubernetes Docker Bitnami +1
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-4207 MEDIUM PATCH This Month

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow PostgreSQL Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-46337 PHP CRITICAL PATCH Act Now

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi PostgreSQL
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2025-1731 HIGH POC This Week

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel PostgreSQL Privilege Escalation Uos
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-2291 HIGH This Week

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Pgbouncer Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-31480 CRITICAL Act Now

aiven-extras is a PostgreSQL extension. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Privilege Escalation
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-55964 CRITICAL POC THREAT Emergency

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.

RCE PostgreSQL Code Injection Docker Appsmith
NVD GitHub
CVSS 3.1
9.8
EPSS
67.3%
Threat
5.5
CVE-2024-12909 PyPI CRITICAL POC PATCH Act Now

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi PostgreSQL Llamaindex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-10553 LIB CRITICAL POC PATCH Act Now

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PostgreSQL Deserialization H2O
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2025-27098 npm MEDIUM POC PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PostgreSQL Path Traversal Graphql Mesh Cli Graphql Mesh Http
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-27097 npm MEDIUM PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Denial Of Service Graphql Mesh
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-1094 HIGH POC PATCH THREAT Act Now

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain.

SQLi PostgreSQL Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
79.7%
Threat
5.5
CVE-2024-56142 PyPI MEDIUM PATCH This Month

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal PostgreSQL
NVD GitHub
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-55633 PyPI HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache PostgreSQL Superset
NVD
CVSS 4.0
7.1
EPSS
2.6%
CVE-2024-53947 PyPI LOW PATCH Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL Superset
NVD
CVSS 4.0
2.3
EPSS
0.8%
CVE-2024-54141 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PostgreSQL PHP Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42450 CRITICAL Act Now

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-49042 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-43613 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-49756 MEDIUM This Month

AshPostgres is the PostgreSQL data layer for Ash Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Path Traversal Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-48783 HIGH This Week

An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Nbr3000D E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47074 CRITICAL PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java PostgreSQL Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-39887 PyPI CRITICAL POC PATCH Act Now

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL Superset
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2024-39309 npm CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-34715 PyPI LOW POC PATCH Monitor

Fides is an open-source privacy engineering platform. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure PostgreSQL Fides
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-32888 Maven CRITICAL PATCH Act Now

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java PostgreSQL
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-4545 HIGH This Week

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-4317 MEDIUM POC This Month

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-32655 NuGet HIGH PATCH This Week

Npgsql is the .NET data provider for PostgreSQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi PostgreSQL
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2024-2860 HIGH This Week

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure PostgreSQL Brocade Sannav
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34532 CRITICAL POC Act Now

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32979 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PostgreSQL Python Nautobot
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29955 MEDIUM This Month

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29196 PHP LOW POC PATCH Monitor

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PostgreSQL PHP Phpmyfaq
NVD GitHub
CVSS 3.1
2.7
EPSS
0.6%
CVE-2024-29179 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-28108 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28107 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-28106 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-28105 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL File Upload Phpmyfaq
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-27300 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-27299 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-2339 HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation PostgreSQL Anonymizer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2338 HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Privilege Escalation SQLi PostgreSQL Anonymizer
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27304 Go CRITICAL PATCH Act Now

pgx is a PostgreSQL driver and toolkit for Go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgproto3 Pgx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-27289 Go HIGH PATCH This Week

pgx is a PostgreSQL driver and toolkit for Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-27298 npm CRITICAL PATCH Act Now

parse-server is a Parse Server for Node.js / Express. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Node.js Parse Server
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-24213 CRITICAL Act Now

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Postgres
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24574 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-22208 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-22202 PHP MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-51649 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python PostgreSQL Authentication Bypass Nautobot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-50263 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-41120 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41119 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41118 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-41117 CRITICAL Act Now

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41116 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-41115 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41114 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41113 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5870 MEDIUM This Month

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus +12
NVD
CVSS 3.1
4.4
EPSS
2.6%
CVE-2023-5869 HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus +18
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-5868 MEDIUM This Month

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus +12
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2023-46128 PyPI MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5002 PyPI HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-3264 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Powerpanel Server Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3262 MEDIUM This Month

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-39418 MEDIUM PATCH This Month

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PostgreSQL Enterprise Linux Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-39417 HIGH This Week

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi Software Collections Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-38195 MEDIUM This Month

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Seq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-2785 MEDIUM This Month

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service PostgreSQL
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2455 MEDIUM This Month

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-2454 HIGH This Week

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-33967 Go CRITICAL PATCH Act Now

EaseProbe is a tool that can do health/status checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PostgreSQL SQLi Easeprobe
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31131 CRITICAL PATCH Act Now

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PostgreSQL Greenplum Database
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-32305 HIGH PATCH This Week

aiven-extras is a PostgreSQL extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation RCE PostgreSQL Aiven
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1934 HIGH POC This Week

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Pnpscada
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
8.1%
CVE-2023-31136 MEDIUM PATCH This Month

PostgresNIO is a Swift client for PostgreSQL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Code Injection PostgreSQL Postgresnio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-2291 HIGH POC This Week

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho PostgreSQL Authentication Bypass Manageengine Access Manager Plus Manageengine Pam360 +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-31043 HIGH This Week

EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 3.1
LOW Monitor

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

PostgreSQL Information Disclosure
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

PHP PostgreSQL SQLi +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-1709 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure PostgreSQL Meac300 Fnade4 Firmware
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.

PostgreSQL SQLi Meac300 Fnade4 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Information Disclosure PostgreSQL Dataease
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Authentication Bypass PostgreSQL Dataease
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical authentication bypass vulnerability in Versa Director that exposes multiple services (SSH, PostgreSQL, and others) with default credentials on internet-facing deployments. The vulnerability affects Versa Director installations where default passwords remain unchanged, allowing unauthenticated remote attackers to gain complete system compromise (confidentiality, integrity, and availability impact). While no confirmed exploitation has been reported, proof-of-concept code has been publicly disclosed by security researchers, and the CVSS 9.8 score reflects the severity of unrestricted remote access with default credentials.

PostgreSQL Information Disclosure
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

A security vulnerability in PingFederate OAuth2 grant duplication in PostgreSQL persistent storage (CVSS 2.1) that allows oauth2 requests. Remediation should follow standard vulnerability management procedures.

PostgreSQL Information Disclosure
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

The PostgreSQL JDBC driver (pgjdbc) versions 42.7.4 through 42.7.6 contain an authentication bypass vulnerability where channel binding validation is incorrectly disabled, allowing man-in-the-middle attackers to intercept connections that administrators configured to require channel binding protection. Affected users running pgjdbc with channel binding set to 'required' (a non-default but security-conscious configuration) are vulnerable to credential interception and session hijacking despite believing their connections are protected. The vulnerability is fixed in version 42.7.7.

PostgreSQL Authentication Bypass Java +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

PostgreSQL Information Disclosure
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Kubernetes +3
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow PostgreSQL Denial Of Service +2
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi PostgreSQL
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel PostgreSQL Privilege Escalation +1
NVD Exploit-DB
EPSS 0% CVSS 8.1
HIGH This Week

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Pgbouncer +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

aiven-extras is a PostgreSQL extension. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Privilege Escalation
NVD GitHub
EPSS 67% 5.5 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.

RCE PostgreSQL Code Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi PostgreSQL +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PostgreSQL Deserialization +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PostgreSQL Path Traversal Graphql Mesh Cli +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Denial Of Service Graphql Mesh
NVD GitHub
EPSS 80% 5.5 CVSS 8.1
HIGH POC PATCH THREAT Act Now

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain.

SQLi PostgreSQL Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal PostgreSQL
NVD GitHub
EPSS 3% CVSS 7.1
HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache PostgreSQL +1
NVD
EPSS 1% CVSS 2.3
LOW PATCH Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PostgreSQL PHP Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

AshPostgres is the PostgreSQL data layer for Ash Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Path Traversal Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Nbr3000D E Firmware
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java PostgreSQL +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL +1
NVD
EPSS 20% CVSS 9.8
CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Node.js
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

Fides is an open-source privacy engineering platform. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure PostgreSQL Fides
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java PostgreSQL
NVD GitHub
EPSS 1% CVSS 7.7
HIGH This Week

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Npgsql is the .NET data provider for PostgreSQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi PostgreSQL
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure PostgreSQL +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PostgreSQL Python +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Brocade Sannav
NVD
EPSS 1% CVSS 2.7
LOW POC PATCH Monitor

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PostgreSQL PHP +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation PostgreSQL Anonymizer
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Privilege Escalation SQLi PostgreSQL +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

pgx is a PostgreSQL driver and toolkit for Go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgproto3 +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

pgx is a PostgreSQL driver and toolkit for Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgx
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

parse-server is a Parse Server for Node.js / Express. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Node.js +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Postgres
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP PostgreSQL +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python PostgreSQL Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Postgres Advanced Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Postgres Advanced Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Codeready Linux Builder Eus +14
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL +20
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Codeready Linux Builder Eus +14
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Powerpanel Server +22
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Iboot Pdu4A C10 Firmware +21
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PostgreSQL Enterprise Linux +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi +3
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Seq
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service PostgreSQL
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Software Collections +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Software Collections +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

EaseProbe is a tool that can do health/status checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PostgreSQL SQLi Easeprobe
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PostgreSQL Greenplum Database
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

aiven-extras is a PostgreSQL extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation RCE PostgreSQL +1
NVD GitHub
EPSS 8% CVSS 7.5
HIGH POC This Week

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Pnpscada
NVD Exploit-DB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

PostgresNIO is a Swift client for PostgreSQL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Code Injection PostgreSQL Postgresnio
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho PostgreSQL Authentication Bypass +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy