Lucene search
K

182 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40550

Name of the Vulnerable Software and Affected Versions Dalfox versions prior to 2.13.0 Description When running in REST API server mode, the software fails to sanitize the custom-payload-file field within model.Options, which is deserialized directly from the request body and passed to the...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40424

Name of the Vulnerable Software and Affected Versions dalfox versions prior to 2.12.0 Description When running in REST API server mode dalfox server, the software binds to 0.0.0.0:6664 by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...

10CVSS6.6AI score0.01051EPSS
Exploits2References9
OSV
OSV
added 2026/05/11 6:31 p.m.5 views

GHSA-H2X2-Q2MC-24GW pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 4:17 p.m.13 views

CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS0.00455EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 2:35 p.m.12 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 2:35 p.m.25 views

CVE-2026-7813

pgAdmin 4 server mode CVE-2026-7813 enables cross-user data access and privilege escalation in Shared Servers. An authenticated user could enumerate object IDs to fetch another user’s private servers, server groups, background processes, and debugger arguments due to lacking user-scoped access co...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 2:35 p.m.38 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS0.00455EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39623

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...

9.9CVSS6AI score0.00455EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37195

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 4.0.0 through 4.0.4 Description The Sync Service's ConfigMap-backed provider in server/sync/sync cm.go lacks authorization checks for all create, read, update, and delete CRUD operations. This allows any authenticated...

8.5CVSS5.8AI score0.00515EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.8 views

pgAdmin < 9.12 Command Execution (GHSA-3p7x-94q9-jq9x)

The version of pgAdmin installed on the remote host is prior to 9.12. It is, therefore, affected by command execution vulnerability: - pgAdmin versions prior to 9.12 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performin...

7.4CVSS5.9AI score0.00392EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/06 12:26 a.m.4 views

SUSE CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 6:30 p.m.3 views

GHSA-3P7X-94Q9-JQ9X pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2026/02/05 6:16 p.m.17 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS0.00392EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 5:30 p.m.34 views

CVE-2026-1707

CVE-2026-1707 affects pgAdmin 9.11. The SUSE/Red Hat/Linux advisories describe a Restore restriction bypass during server-mode restores from PLAIN-format dumps, where an attacker with web GUI access can observe an active restore, exfiltrate the \restrict key in real time, and race the restore by ...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/05 5:30 p.m.5 views

EUVD-2026-5528

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 5:30 p.m.6 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:30 p.m.3 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS7.2AI score0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/05 5:30 p.m.6 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/05 5:30 p.m.36 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder