136 matches found
SUSE CVE-2026-7814
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
EUVD-2026-29082
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
GHSA-6P2C-69CV-3FXQ pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814 pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
CVE-2026-7814
Summary: CVE-2026-7814 is a stored XSS in pgAdmin 4’s Browser Tree and Explain Visualizer. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were inserted into the DOM via innerHTML, enabling crafted names with HTML markup to execute attacker-supplied JavaScript in a...
CVE-2026-7814 pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...
PT-2026-39624
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: A stored cross-site scripting (XSS) issue exists in the Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names, such as those for databases, schemas, tables, or columns,...
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Summary: Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...
OPENSUSE-SU-2026:20489-1 Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...
SUSE-SU-2026:21153-1 Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...
openSUSE Security Advisory (SUSE-SU-2026:1068-1)
The remote host is missing an update for the...
Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2026:1068-1 Security update for pgvector
This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...
MiracleLinux 3 : mysql-5.0.95-3.0.1.AXS3 (AXSA:2013-78:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-78:01 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different clie...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000158)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000158 advisory. A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted...
Towards Spring Tools 5 - Ready for AI
There is no doubt that AI-based coding assistants are already or will be widely used by developers and within organizations. While the overall outlook is pretty certain, the exact way when and how to use those tools might vary, ranging from extensions for existing IDEs e.g. Copilot for Visual...
EUVD-2025-50823
Parse Server allows public explain queries which may expose sensitive database performance information and schema details...
GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...