In pgAdmin versions up to and including 9.9 a medium severity vulnerability CVE-2025-12763 was detected. This vulnerability allows attackers to execute arbitrary system commands on Windows systems due to improper use of the shell=True parameter during backup and restore operations. By supplying specially crafted file paths, attackers can achieve command injection and gain unauthorized control of the affected system. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12763.
Read more DatabaseIn Redis versions 8.2.0 through 8.2.2 a high severity vulnerability CVE-2025-62507 was detected. This vulnerability allows remote attackers to trigger a stack buffer overflow during execution of the XACKDEL command, which may potentially lead to remote code execution. To fix this vulnerability, users should upgrade to Redis version 8.2.3 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62507.
Read more DatabaseIn Redis versions 8.2.1 and below a high severity vulnerability CVE-2025-46817 was detected. Authenticated users can use specially crafted Lua scripts to trigger an integer overflow that may lead to remote code execution. This issue affects all Redis versions with Lua scripting enabled. To address this issue, users should upgrade Redis to version 8.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46817.
Read more DatabaseIn Redis versions 8.2.1 and below a high severity vulnerability CVE-2025-49844 was detected. Authenticated users can use a specially crafted Lua script to manipulate the garbage collector, triggering a use-after-free condition that may lead to remote code execution. This issue affects all Redis versions with Lua scripting enabled. To address this issue, users should upgrade Redis to version 8.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49844.
Read more DatabaseIn Redis versions 8.2.1 and below a medium severity vulnerability CVE-2025-46819 was detected. Authenticated users can use specially crafted Lua scripts to read out-of-bounds data or crash the server, leading to denial of service (DoS). This issue affects all Redis versions with Lua scripting enabled. To address this issue, users should upgrade Redis to version 8.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46819.
Read more DatabaseIn PostgreSQL versions 13 through 17 a high severity vulnerability CVE-2025-8714 was detected. This vulnerability allows attackers to inject arbitrary code for restore-time execution as the client operating system account running psql via psql meta-commands. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8714.
Read more DatabaseIn PostgreSQL versions 13 through 17 a high severity vulnerability CVE-2025-8715 was detected. This vulnerability allows attackers to inject arbitrary code or achieve SQL injection via a purpose-crafted object name during the restore process. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8715.
Read more DatabaseIn PostgreSQL versions 13 through 17 a low severity vulnerability CVE-2025-8713 was detected. This vulnerability allows attackers to read sampled data from views or tables that are protected by access control lists (ACLs) or row security policies. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8713.
Read more DatabaseIn SQLite versions from 3.39.2 to before 3.41.2 a medium severity vulnerability CVE-2025-7458 was detected. This vulnerability allows attackers to crash the system or read sensitive data from memory by running a specially crafted SELECT query with many items in the ORDER BY part. To address this issue, users should upgrade SQLite to versions 3.41.2 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-7458.
Read more Database