CVE-2025-29744 | pg-promise up to 11.5.4 Negative Number sql injection

Inserito da Angelo Barbosa | Giu 12, 2025 | CVE

A vulnerability was found in pg-promise up to 11.5.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Negative Number Handler. The manipulation leads to sql injection.

This vulnerability is handled as CVE-2025-29744. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-29744 | pg-promise up to 11.5.4 Negative Number sql injection

Post correlati

CVE-2024-2651 | GitLab Community Edition/Enterprise Edition up to 16.9.6/16.10.4/16.11.1 Markdown resource consumption (Issue 450830)

CVE-2024-3123 | CHANGING Mobile One Time Password up to 3.11.3 unrestricted upload

CVE-2024-3203 | c-blosc2 up to 2.13.2 ndlz8x8.c ndlz8_decompress heap-based overflow

CVE-2024-22523 | Qiyu iFair up to 23.8_ad0 uploadimage path traversal