Lucene search
K

28 matches found

OSV
OSV
added last week7 views

PYSEC-2026-454 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS6.5AI score0.12217EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/28 8:17 p.m.15 views

EUVD-2026-33047

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS5.8AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 10:18 p.m.8 views

CVE-2026-2627

A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The...

8.5CVSS0.00238EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20343

Name of the Vulnerable Software and Affected Versions Softland FBackup versions up to 9.9 Description A security flaw exists in Softland FBackup. The issue involves link following due to manipulation within an unknown function in the library C:Program FilesCommon Filesmicrosoft sharedinkHID.dll o...

8.5CVSS5.1AI score0.00238EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : bind-9.9.4-73.0.1.el7.AXS7 (AXSA:2019-3820:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3820:02 advisory. Security Fix - CVE-2018-5742 CVE CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.5CVSS6.4AI score0.01575EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/11/24 3:28 a.m.270 views

Exploit for CVE-2025-12762

🔐 CVE-2025-12762 — Critical RCE Vulnerability in pgAdmin 4 !...

9.8CVSS7.7AI score0.12217EPSS
Exploits1
EUVD
EUVD
added 2025/11/13 3:30 p.m.5 views

EUVD-2025-169296

pgAdmin4 vulnerable to Remote Code Execution RCE when running in server mode...

9.1CVSS6.8AI score0.12217EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/11/13 3:30 p.m.7 views

pgAdmin 4 has command injection vulnerability on Windows systems

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

8.8CVSS8.1AI score0.00754EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/13 3:30 p.m.1 views

GHSA-G4R8-3QMH-PMCH pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

7.5CVSS7AI score0.00181EPSS
Exploits0References4
OSV
OSV
added 2025/11/13 1:15 p.m.2 views

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

8.8CVSS8AI score
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 1:0 p.m.8 views

CVE-2025-12765 pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

7.5CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/11/13 1:0 p.m.20 views

CVE-2025-12765

Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...

7.5CVSS6.7AI score0.00181EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/13 1:0 p.m.1 views

CVE-2025-12764 pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.

pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...

7.5CVSS7.1AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 1:0 p.m.10 views

CVE-2025-12762 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS0.12217EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/16 12:0 a.m.8 views

CVE-2025-59453

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section...

3.2CVSS0.00145EPSS
Exploits0References2
NVD
NVD
added 2025/09/12 5:15 p.m.6 views

CVE-2025-56467

An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...

6.5CVSS0.00304EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/06/13 5:23 a.m.37 views

Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'couponcodes' in the '/wp-admin/admin.php?page=wc-reports&tab=orders&report=couponusage' endpoint. The vulnerability required the privilege to view reports...

8.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.5 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

5.4CVSS5.9AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.2 views

Radare2 安全漏洞

Radare2 is a Libre reverse framework open-sourced by radare for Unix geeks. A security vulnerability exists in Radare2 versions prior to 5.9.9 that stems from a heap buffer over-read or buffer overflow...

10CVSS8.7AI score0.00468EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.14 views

Termius 安全漏洞

Termius is an SSH client from Termius, Inc. A security vulnerability exists in Termius versions prior to 9.9.0 that originates from allowing a local attacker to execute arbitrary code via a specially crafted script in the DYLDINSERTLIBRARIES component...

3.3CVSS7.1AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder