cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1094,https://securityvulnerability.io/vulnerability/CVE-2025-1094,SQL Injection Vulnerability in PostgreSQL libpq Functions and Command Line Utilities,"This vulnerability arises from improper handling of quoting syntax in PostgreSQL libpq functions, which can allow SQL injection through specific usage patterns. Attackers can leverage this flaw when application input from these functions is used improperly, especially in the construction of commands for psql, the PostgreSQL interactive terminal. Additionally, the improper neutralization of quoting can also impact command line utility operations when certain encoding configurations are specified, making it a relevant threat for versions prior to PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19.",PostgreSQL,Postgresql,8.1,HIGH,0.0004299999854993075,false,,true,false,true,2025-02-14T05:03:12.000Z,true,true,false,,2025-02-13T13:00:02.061Z,7485
CVE-2024-10979,https://securityvulnerability.io/vulnerability/CVE-2024-10979,Unprivileged User Can Execute Arbitrary Code via Environment Variables,"The PostgreSQL open-source database system has a high-severity security flaw (CVE-2024-10979) that allows unprivileged users to alter environment variables, potentially leading to code execution or information disclosure. This vulnerability could enable an attacker to execute arbitrary code by modifying environment variables such as PATH, or extract valuable information by running malicious queries. Exploitation has not been reported, and the issue has been addressed in PostgreSQL versions 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. Users are advised to update their systems to prevent potential code execution and data breaches.",PostgreSQL,Postgresql,8.8,HIGH,0.000699999975040555,false,,true,false,true,2024-11-15T16:51:27.000Z,,false,false,,2024-11-14T13:15:00.000Z,223