508 matches found
pgAdmin is affected by an LDAP injection vulnerability
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
GHSA-W2P4-P4RH-QCM3 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
GHSA-G4R8-3QMH-PMCH pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
Improper Certificate Validation
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Improper Certificate Validation via the TLS certificate verification bypass. An attacker can gain unauthorized access by exploiting improper TLS certificate verification during authentication. Remediation...
CVE-2025-12765
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12765
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12763
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
CVE-2025-12764
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
CVE-2025-12762
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-12762
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-12764
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
CVE-2025-12763
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
CVE-2025-12765 pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12765 pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
CVE-2025-12765
Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...
CVE-2025-12764 pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
CVE-2025-12764
Summary of CVE-2025-12764 (pgAdmin4) : The vulnerability affects pgAdmin4 versions up to 9.9 where an improper validation of characters in a username during LDAP authentication allows LDAP injections, which can cause the DC/LDAP server and client to process an excessive amount of data and trigger...
CVE-2025-12764 pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.
pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...
CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...