10148 matches found
CVE-2026-7818
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7814
Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7820
CVE-2026-7820 affects pgAdmin 4 prior to 9.15. The issue is an account-lockout bypass caused by improper synchronization between pgAdmin’s custom /authenticate/login path and Flask-Security’s default /login path. Because Flask-Security’s default route does not consult the pgAdmin User.locked fiel...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7818
CVE-2026-7818 affects pgAdmin 4: Unsafe deserialization in FileBackedSessionManager allows an authenticated user with write access to the sessions directory to craft a payload that could lead to operating-system level remote code execution under the pgAdmin process identity. The root cause is des...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
PT-2026-39624
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description A stored cross-site scripting XSS issue exists in the Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names, such as those for databases, schemas, tables, or columns,...
PT-2026-39626
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An OS command injection issue exists in the Import/Export query export feature. User-supplied input is interpolated directly into a psql copy metacommand template without proper sanitization. An...
PT-2026-39640
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
TencentOS Server 4: kernel (TSSA-2026:0287)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0287 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-4897 affecting package polkit for versions less than 123-4
CVE-2026-4897 affecting package polkit for versions less than 123-4. A patched version of the package is available...
OSGeo gdal 缓冲区错误漏洞
OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. Versions of OSGeo GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function in the Grid File Handler component, specifically the function...
python311-Django4-4.2.30-2.1 on GA media (moderate)
python311-Django4-4.2.30-2.1 on GA media Announcement ID: openSUSE-SU-2026:10708-1 Rating: moderate Cross-References: CVE-2026-35192 CVE-2026-5766 CVE-2026-6907 CVSS scores: CVE-2026-35192 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2026-35192 SUSE : 2.3...
[SECURITY] [DLA 4572-1] linux security update
Debian LTS Advisory DLA-4572-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings May 08, 2026 https://wiki.debian.org/LTS Package : linux Version : 5.10.251-4 CVE ID : CVE-2026-43284 CVE-2026-43500 Two vulnerabilities have been discovered in the Linux kernel that may...
GDAL 缓冲区错误漏洞
GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the operation of the parameter DataFieldName in the function GDnentries within the file...
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +538 more potentially affected by CVE-2026-44456 via hono (>=0.5.10 <=4.12.15)
hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44456 Source advisory: OSV:GHSA-9VQF-7F2P-GF9V...
CVE-2026-34003 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4
CVE-2026-34003 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4. A patched version of the package is available...
CVE-2026-34001 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4
CVE-2026-34001 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4. A patched version of the package is available...
CVE-2026-33999 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4
CVE-2026-33999 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-4. A patched version of the package is available...