508 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-1907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if...
SUSE SLED15 / SLES15 Security Update : pgadmin4 (SUSE-SU-2025:01326-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01326-1 advisory. - CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL i...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set bsc1239308 CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...
The vulnerability of the pgAdmin 4 database management tool lies in the redirection of the URL to an unreliable website, allowing a hacker to redirect users to any given URL address.
The vulnerability of the pgAdmin 4 database management tool is related to the redirection of the URL to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL address...
Exploit for CVE-2024-9014
CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...
The vulnerability of the LDAP authentication configuration in Server Mode of the pgAdmin 4 database management tool allows a hacker to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the LDAP authentication configuration in the Server Mode of the pgAdmin 4 database management tool is related to improper session fixation due to incorrect access control. Exploiting this vulnerability can allow an attacker to bypass security restrictions and gain...
ROS-20250703-01
Vulnerability in Server Mode LDAP authentication configuration of database management tool pgAdmin 4 is related to improper session fixation as a result of incorrect access control. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security restrictions...
ROS-20250703-03
A vulnerability in the pgAdmin 4 database management tool is related to improper sanitization of user-supplied data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250630-01
A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
Exploit for CVE-2025-2945
CVE-2025-2945 PoC pgAdmin Proof of Concept pgAdmin Query To...
The vulnerability of the eval() function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...
Fedora 41 : pgadmin4 (2025-49d6f62c0e)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-49d6f62c0e advisory. Update to pgadmin-9.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
[SECURITY] Fedora 41 Update: pgadmin4-9.2-1.fc41
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
ROS-20250424-12
A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...
K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946
Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint,...
The vulnerability of the pgAdmin 4 database management tool, related to the lack of authentication, allows a hacker to bypass the authentication checks and execute arbitrary code.
The vulnerability of the pgAdmin 4 database management tool is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to bypass authentication checks and execute arbitrary code...
ROS-20250417-02
Vulnerability of /settings/store API endpoint of pgAdmin database management tool is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a cross-site scripting attack Server mode...
pgAdmin < 9.2 Multiple Vulnerabilities
The version of pgAdmin installed on the remote host is prior to 9.2. It is, therefore, affected by the following vulnerabilities: - Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints;...
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
This module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in versions...
PgAdmin Query Tool Authenticated Remote Code Execution
This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...