508 matches found
PT-2026-39623
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...
pgAdmin Code Issue Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had code vulnerabilities related to deserializing unreliable data. These vulnerabilities could allow authenticated users to execute remote code by placing...
pgAdmin SQL Injection Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...
pgAdmin 4 Security Vulnerability
pgAdmin 4 is an open-source management and development platform for PostgreSQL, developed by the pgAdmin Project. Versions of pgAdmin 4 prior to 9.15 contained security vulnerabilities. These vulnerabilities were caused by local file inclusion and server-side request forgery, which could allow...
PT-2026-39629
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check access permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own...
pgAdmin Access Control Error Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained an access control vulnerability. This vulnerability stemmed from an authorization flaw, which could allow authenticated users to access other users’...
pgAdmin Security Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability caused by symbolic link path traversal. This vulnerability could allow authenticated users to create symbolic links within...
pgAdmin Security Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability. This vulnerability stemmed from improper restrictions on authentication attempts, which could allow attackers to bypass...
PT-2026-39627
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: Local file inclusion (LFI) and server-side request forgery (SSRF) issues exist in the LLM API configuration endpoints. Authenticated users can read arbitrary server-side files by providing a path to the...
pgAdmin Cross-Site Scripting Vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts, which could allow user-controlled PostgreSQL object names...
PT-2026-39624
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: A stored cross-site scripting (XSS) issue exists in the Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names, such as those for databases, schemas, tables, or columns,...
PT-2026-39628
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: The FileBackedSessionManager in pgAdmin 4 performs unsafe deserialization of session-file contents using Python's standard object-serialization module before conducting an HMAC integrity check. This...
CVE-2026-41425 vulnerabilities
Vulnerabilities for packages: open-webui, airflow, mlflow, datahub-ingestion-fips, datahub-ingestion, pgadmin4-fips...
[SECURITY] Fedora 44 Update: pgadmin4-9.14-3.fc44
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 43 Update: pgadmin4-9.14-3.fc43
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Exploit for Code Injection in Pgadmin Pgadmin_4
CVE-2025-2945 — pgAdmin 4 Query Tool Authenticated RCE Proof...
[SECURITY] Fedora 42 Update: pgadmin4-9.13-1.fc42
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 44 Update: pgadmin4-9.13-1.fc44
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora 43 : pgadmin4 (2026-bef5344f9f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bef5344f9f advisory. Update to pgadmin4-9.13. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : pgadmin4 (2026-220c4ca745)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-220c4ca745 advisory. Update to pgadmin4-9.13. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...