Lucene search
+L
PgadminPgadmin 4

5 matches found

CVE
CVE
added 2023/03/27 12:0 a.m.162 views

CVE-2023-0241

pgAdmin 4 contains a directory traversal vulnerability in versions prior to v6.19. The flaw could allow a user to change another user’s settings or alter the database. Multiple sources corroborate the issue (CVE-2023-0241) and note remediation via updates; open advisories reference a fixed releas...

6.5CVSS6.2AI score0.08826EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.129 views

CVE-2022-0959

CVE-2022-0959 affects pgAdmin4: a malicious, authenticated user can craft an HTTP request using an existing CSRF token and session cookie to upload files to any location writable by the OS user running pgAdmin. The root cause is an unrestricted file upload path that permits writes outside intende...

6.5CVSS6.2AI score0.00953EPSS
CVE
CVE
added 2023/01/17 12:0 a.m.127 views

CVE-2023-22298

CVE-2023-22298 is an open redirect vulnerability in pgAdmin 4 prior to version 6.14. An unauthenticated remote attacker can lure a user to click a specially crafted URL, redirecting them to an arbitrary site and enabling phishing. Affected software is pgAdmin 4; the root cause is an improper redi...

6.1CVSS6.1AI score0.0091EPSS
CVE
CVE
added 2026/06/18 11:37 p.m.41 views

CVE-2026-12049

CVE-2026-12049 affects pgAdmin 4. An open redirect vulnerability exists in the MFA flow where the next parameter is not validated against the current origin, allowing an authenticated user to be redirected to an attacker-controlled host via /mfa/validate?next=… This is a trusted-domain redirect r...

6.1CVSS5.4AI score0.00218EPSS
Web
CVE
CVE
added 2026/05/11 2:35 p.m.22 views

CVE-2026-7820

CVE-2026-7820 affects pgAdmin 4 prior to 9.15. The issue is an account-lockout bypass caused by improper synchronization between pgAdmin’s custom /authenticate/login path and Flask-Security’s default /login path. Because Flask-Security’s default route does not consult the pgAdmin User.locked fiel...

6.9CVSS5.8AI score0.00211EPSS
Web