
4 matches found

OSV
added 2026/03/24 9:49 p.m. | 2 views

GHSA-9983-VRX2-FG9C NATS JetStream has an authorization bypass through its Management API

Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore. Problem...

CVSS 4.9 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 4
Github Security Blog
added 2026/02/05 6:30 p.m. | 9 views

pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

CVSS 7.4 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/02/05 5:30 p.m. | 32 views

CVE-2026-1707

CVE-2026-1707 affects pgAdmin 9.11. The SUSE/Red Hat/Linux advisories describe a Restore restriction bypass during server-mode restores from PLAIN-format dumps, where an attacker with web GUI access can observe an active restore, exfiltrate the \restrict key in real time, and race the restore by ...

CVSS 7.4 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2019/04/24 9:29 p.m. | 3 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack. snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass." Remediation: Upgrade...

CVSS 7.5 | AI score 5.5 | EPSS 0.02418
Exploits: 1 | References: 2