Lucene search
K

532 matches found

Nuclei
Nuclei
added 4 hours ago56 views

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

9.9CVSS7AI score0.09685EPSS
Exploits2References3
Nuclei
Nuclei
added 3 days ago45 views

pgAdmin < 6.17 - Unauthenticated Remote Code Execution

pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation, exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin 6.17 - Unauthenticated Remote Code Execution...

8.8CVSS7.2AI score0.79933EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.16 views

PYSEC-2026-453 pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

9.9CVSS7.4AI score0.79326EPSS
Exploits4References8
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-450 pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS6AI score0.00866EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-454 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS6.5AI score0.12384EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-451 pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS6.2AI score0.46222EPSS
Exploits8References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-449 pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering

pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site ScriptingXSS. If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...

9.1CVSS7.4AI score0.00305EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Fedora 43 : pgadmin4 (2026-5938be3b09)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5938be3b09 advisory. Update to pgadmin-9.16. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.5CVSS5.8AI score0.0071EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Fedora 44 : pgadmin4 (2026-c248414214)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c248414214 advisory. Update to pgadmin-9.16. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.5CVSS5.8AI score0.0071EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

pgAdmin < 9.16 Stored XSS / Open Redirect

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple vulnerabilities: - Text returned by a PostgreSQL server, including error messages, quoted object names, and EXPLAIN fields, is passed verbatim through html-react-parser at every user-facin...

9.3CVSS7.3AI score0.00218EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

pgAdmin 9.x < 9.16 Read-Only Transaction Bypass (CVE-2026-12045)

The version of pgAdmin installed on the remote host is 9.x prior to 9.16. It is, therefore, affected by a read-only transaction bypass vulnerability: - The AI Assistant's executesqlquery tool accepts multi-statement payloads. A single COMMIT followed by a write-statement terminates the enclosing...

9.4CVSS6.2AI score0.00482EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

pgAdmin < 9.16 HTML Injection (CVE-2026-12047)

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by an HTML injection vulnerability: - Cloud deployment endpoints forward SDK exception text directly into JSON fields without HTML-encoding. The Cloud Wizard frontend renders these responses through...

5.4CVSS6AI score0.00137EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

pgAdmin < 9.16 Multiple SQL Injections

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple SQL injection vulnerabilities: - Multiple SQL template sites across domain, domain-constraint, foreign-table, language, event-trigger, and view dialogs render user-supplied...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/19 3:59 a.m.10 views

CVE-2026-12048

A flaw was found in pgAdmin 4. This stored cross-site scripting XSS vulnerability allows a remote attacker to inject arbitrary HTML into the pgAdmin user interface. This occurs when text returned by a PostgreSQL server, such as error messages or object names, is not properly sanitized. An attacke...

9.3CVSS5.3AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:54 a.m.9 views

CVE-2026-12046

A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRETKEY and write access to the sessions directory,...

9.5CVSS6.6AI score0.0071EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/19 3:49 a.m.10 views

CVE-2026-12047

A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to...

5.4CVSS5.4AI score0.00137EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/19 3:49 a.m.9 views

CVE-2026-12044

A flaw was found in pgAdmin 4. An authenticated user with specific permissions could exploit a SQL injection vulnerability by submitting a crafted description field in various dialog templates. This could allow the user to execute arbitrary SQL commands, potentially leading to arbitrary operating...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:39 a.m.9 views

CVE-2026-12050

A flaw was found in pgAdmin 4. An authenticated user with an active PostgreSQL session could exploit a SQL injection vulnerability in the named restore point endpoint. This allows the user to execute arbitrary SQL statements through an unexpected path. While this does not grant additional...

8.8CVSS6.1AI score0.00245EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/19 3:29 a.m.11 views

CVE-2026-12049

A flaw was found in pgAdmin 4. This open redirect vulnerability exists in the multi-factor authentication MFA flow. An authenticated user could be tricked into clicking a specially crafted link, which would redirect them to an attacker-controlled website. This could increase the success rate of...

6.1CVSS5AI score0.00218EPSS
Exploits0References5
Rows per page
Query Builder