484 matches found

Nuclei
added yesterday, 13 views

pgAdmin < 6.17 - Unauthenticated Remote Code Execution

pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation; the exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin 6.17 - Unauthenticated Remote Code Execution...

CVSS 8.8, AI score 7.5, EPSS 0.80069
Exploits: 0, References: 2

Nuclei
added 2 days ago, 34 views

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

CVSS 9.9, AI score 6.6, EPSS 0.09681
Exploits: 2, References: 3

RedhatCVE
added 3 days ago, 8 views

CVE-2026-12046

A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRET_KEY and write access to the sessions directory,...

CVSS 9.5, AI score 6.6
Exploits: 0, References: 5

RedhatCVE
added 3 days ago, 4 views

CVE-2026-12047

A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to...

CVSS 4.8, AI score 5.4
Exploits: 0, References: 5

RedhatCVE
added 3 days ago, 5 views

CVE-2026-12050

A flaw was found in pgAdmin 4. An authenticated user with an active PostgreSQL session could exploit a SQL injection vulnerability in the named restore point endpoint. This allows the user to execute arbitrary SQL statements through an unexpected path. While this does not grant additional...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 5

RedhatCVE
added 3 days ago, 5 views

CVE-2026-12049

A flaw was found in pgAdmin 4. This open redirect vulnerability exists in the multi-factor authentication (MFA) flow. An authenticated user could be tricked into clicking a specially crafted link, which would redirect them to an attacker-controlled website. This could increase the success rate of...

CVSS 5.3, AI score 5
Exploits: 0, References: 5

CVE
added 4 days ago, 18 views

CVE-2026-12049

CVE-2026-12049 affects pgAdmin 4. An open redirect vulnerability exists in the MFA flow where the next parameter is not validated against the current origin, allowing an authenticated user to be redirected to an attacker-controlled host via /mfa/validate?next=… This is a trusted-domain redirect r...

CVSS 5.3, AI score 5.4
Exploits: 0, References: 2

CVE
added 4 days ago, 16 views

CVE-2026-12047

CVE-2026-12047 – pgAdmin 4: HTML injection in the cloud deployment module arises when unsanitised exception text (from verify_credentials, deploy, and related endpoints under /rds/, /azure/, /google/, and /cloud/) is echoed into JSON response fields (info/errormsg) and rendered by the Cloud Wiza...

CVSS 4.8, AI score 5.3
Exploits: 0, References: 2

CVE
added 4 days ago, 34 views

CVE-2026-12046

CVE-2026-12046: pgAdmin 4 exposes an unauthenticated deserialization sink in the SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...

CVSS 9.5, AI score 6.8
Exploits: 0, References: 2

CVE
added 4 days ago, 25 views

CVE-2026-12050

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates.

CVSS 5.3, AI score 5.5
Exploits: 0, References: 2

CVE
added 4 days ago, 23 views

CVE-2026-12044

CVE-2026-12044 affects pgAdmin 4. An authenticated user with permission to create/alter objects can inject SQL via the description field in templates rendering COMMENT ON ... IS ''. The vulnerability stems from Jinja templates interpolating user-supplied descriptions directly into single-quoted S...

CVSS 8.8, AI score 6
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/12 12:0 a.m., 6 views

SolarWinds Web Help Desk < 2026.2 Multiple Vulnerabilities

The version of SolarWinds Web Help Desk installed on the remote host is prior to 2026.2. It is, therefore, affected by multiple vulnerabilities. - pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores...

CVSS 9.8, AI score 6.8, EPSS 0.11963
Exploits: 2, References: 9

Chainguard
added 2026/05/27 7:18 a.m., 9 views

GHSA-HV9P-2PQF-R5W3 vulnerabilities

Vulnerabilities for packages: pgadmin4...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/27 7:18 a.m., 11 views

CVE-2026-7819 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVSS 8.1, AI score 5.8, EPSS 0.00339
Exploits: 0

Chainguard
added 2026/05/27 7:18 a.m., 11 views

CVE-2026-7820 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVSS 6.9, AI score 5.8, EPSS 0.00203
Exploits: 0

Chainguard
added 2026/05/27 1:18 a.m., 4 views

GHSA-6P2C-69CV-3FXQ vulnerabilities

Vulnerabilities for packages: pgadmin4...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/27 1:18 a.m., 13 views

CVE-2026-7818 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVSS 7.8, AI score 5.8, EPSS 0.00126
Exploits: 0

Chainguard
added 2026/05/27 1:18 a.m., 9 views

CVE-2026-7817 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVSS 7.1, AI score 5.8, EPSS 0.00209
Exploits: 0

Chainguard
added 2026/05/27 1:18 a.m., 10 views

CVE-2026-7816 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVSS 8.8, AI score 5.8, EPSS 0.01444
Exploits: 0

Chainguard
added 2026/05/27 1:18 a.m., 5 views

GHSA-P58C-Q354-6C4F vulnerabilities

Vulnerabilities for packages: pgadmin4...

AI score 5.8
Exploits: 0