508 matches found
CVE-2025-12763
CVE-2025-12763 affects pgAdmin 4 versions up to 9.9 on Windows, where a command-injection vulnerability is caused by using shell=True during backup/restore operations, enabling an attacker to execute arbitrary system commands via crafted file paths. Multiple independent sources note this can lead...
CVE-2025-12762 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-12762
CVE-2025-12762 affects pgAdmin 4 up to v9.9 when running in server mode and performing restores from PLAIN-format dumps, enabling remote code execution via injected commands on the host. Public advisories and Nessus/GHSA entries confirm this is a critical RCE with network access, low complexity, ...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.9 and earlier versions, which stems from a TLS certificate validation in the LDAP authentication mechanism that can be bypassed...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.9 and earlier versions, which stems from an LDAP injection in the LDAP authentication process and could lead to a denial of servi...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 9.9 and earlier versions, which stems from the use of shell=True for backup and restore operations on Windows systems, which coul...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.9 and earlier versions, which stems from improper handling of PLAIN-format dump files in server mode, and could lead to remote co...
PT-2025-46822
Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 9.9. Description: The LDAP authentication mechanism in pgAdmin has a flaw that permits bypassing TLS certificate verification. This could allow attackers to intercept and potentially manipulate communications during...
PT-2025-46820
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions up to 9.9. Description: pgAdmin 4 versions up to 9.9 on Windows systems are susceptible to a command injection issue. The root cause is the use of shell=True during backup and restore operations. This allows attackers to execu...
PT-2025-46821
Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 9.9. Description: The software is susceptible to an LDAP injection issue within the LDAP authentication process. An attacker can inject specific LDAP characters into the username field. This manipulation forces the...
PT-2025-46819
Name of the Vulnerable Software and Affected Versions: pgAdmin versions up to 9.9. Description: pgAdmin is susceptible to a Remote Code Execution (RCE) issue that arises when operating in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute arbitrary...
ROS-20251029-05
The vulnerability in the pgAdmin 4 database management tool is related to a flaw in the mechanism for source validation. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-9636: Fixed cross-origin opener policy (COOP) vulnerability (bsc1249151). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
Fedora: Security Advisory (FEDORA-2025-3c80b660e0)
The remote host is missing an update for the...
pgadmin4-9.8-1.1 on GA media (moderate)
pgadmin4-9.8-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15612-1. Rating: moderate. Cross-References: CVE-2025-9636. CVSS scores: CVE-2025-9636 (SUSE): 7.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L; CVE-2025-9636 (SUSE): 7.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N...
Fedora 42 : pgadmin4 (2025-3c80b660e0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3c80b660e0 advisory. Update to pgadmin-9.8. Fixes CVE-2025-9636. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Origin Validation Error
pgadmin4 vulnerable to Origin Validation Error. The vulnerability is due to insufficient COOP header enforcement because of the application failing to set or correctly validate Cross-Origin-Opener-Policy on OAuth and related pages, and an attacker can abuse this by manipulating the OAuth flow...
OPENSUSE-SU-2025:15612-1 pgadmin4-9.8-1.1 on GA media
These are all security issues fixed in the pgadmin4-9.8-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-9604
Malicious code in bioql PyPI...