4 matches found
Arbitrary Code Injection
Overview: pgadmin4 is a PostgreSQL tools package. Affected versions of this package are vulnerable to Arbitrary Code Injection through a PLAIN SQL file that includes meta-commands. An attacker can execute arbitrary commands on the server by supplying a crafted PLAIN-format SQL dump file during...
Cross-Site Scripting (XSS)
pgadmin4 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of input/output encoding when rendering query results, which allows an attacker to execute arbitrary HTML or JavaScript in the victim's browser...
Fedora 41 : pgadmin4 (2024-4944ad2c87)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4944ad2c87 advisory. Fix CVE-2024-9014. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Unauthorized Access
pgAdmin4 is vulnerable to Unauthorized Access. The vulnerability is due to the potential exposure of the client ID and secret, which allows an attacker to gain unauthorized access to user data...