28 matches found
PYSEC-2026-454 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
EUVD-2026-33047
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
CVE-2026-2627
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The...
PT-2026-20343
Name of the Vulnerable Software and Affected Versions Softland FBackup versions up to 9.9 Description A security flaw exists in Softland FBackup. The issue involves link following due to manipulation within an unknown function in the library C:Program FilesCommon Filesmicrosoft sharedinkHID.dll o...
MiracleLinux 7 : bind-9.9.4-73.0.1.el7.AXS7 (AXSA:2019-3820:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3820:02 advisory. Security Fix - CVE-2018-5742 CVE CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the MiracleLinux security...
Exploit for CVE-2025-12762
🔐 CVE-2025-12762 — Critical RCE Vulnerability in pgAdmin 4 !...
EUVD-2025-169296
pgAdmin4 vulnerable to Remote Code Execution RCE when running in server mode...
pgAdmin 4 has command injection vulnerability on Windows systems
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
GHSA-G4R8-3QMH-PMCH pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12763
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
CVE-2025-12765 pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12765
Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...
CVE-2025-12764 pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
CVE-2025-12762 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-59453
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section...
CVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...
Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage
A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'couponcodes' in the '/wp-admin/admin.php?page=wc-reports&tab=orders&report=couponusage' endpoint. The vulnerability required the privilege to view reports...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
Radare2 安全漏洞
Radare2 is a Libre reverse framework open-sourced by radare for Unix geeks. A security vulnerability exists in Radare2 versions prior to 5.9.9 that stems from a heap buffer over-read or buffer overflow...
Termius 安全漏洞
Termius is an SSH client from Termius, Inc. A security vulnerability exists in Termius versions prior to 9.9.0 that originates from allowing a local attacker to execute arbitrary code via a specially crafted script in the DYLDINSERTLIBRARIES component...