Lucene search
K
PgadminPgadmin 4

8 matches found

CVE
CVE
added 2024/05/02 5:42 p.m.116 views

CVE-2024-4216

CVE-2024-4216 affects pgAdmin <= 8.5 with an XSS in the /settings/store API response JSON payload, allowing an attacker to execute malicious script on the client side. The vulnerability is described with CVSS metrics indicating a remotely exploitable issue with low user interaction in the NVD ...

7.4CVSS7.1AI score0.00461EPSS
CVE
CVE
added 2024/06/25 4:12 p.m.54 views

CVE-2024-6238

Summary: CVE-2024-6238 affects pgAdmin versions up to 8.8 and is due to an installation directory permissions issue on Debian/RHEL 8, potentially allowing attackers to gain unauthorized access to the installation directory. The NVD/CNA data indicate a mix of impact metrics, including confidential...

7.4CVSS7.5AI score0.00246EPSS
CVE
CVE
added 2025/09/04 4:43 p.m.47 views

CVE-2025-9636

CVE-2025-9636 affects pgAdmin4 (notably pgadmin4 packages in multiple Linux distributions). The vulnerability is a Cross-Origin Opener Policy (COOP) issue that could allow an attacker to manipulate the OAuth flow, potentially leading to restricted for unauthorised account access, account takeover...

7.9CVSS6.4AI score0.00213EPSS
CVE
CVE
added 2026/05/11 2:35 p.m.37 views

CVE-2026-7818

CVE-2026-7818 affects pgAdmin 4: Unsafe deserialization in FileBackedSessionManager allows an authenticated user with write access to the sessions directory to craft a payload that could lead to operating-system level remote code execution under the pgAdmin process identity. The root cause is des...

7.8CVSS6.5AI score0.00131EPSS
CVE
CVE
added 2026/02/05 5:30 p.m.36 views

CVE-2026-1707

CVE-2026-1707 affects pgAdmin 9.11. The SUSE/Red Hat/Linux advisories describe a Restore restriction bypass during server-mode restores from PLAIN-format dumps, where an attacker with web GUI access can observe an active restore, exfiltrate the \restrict key in real time, and race the restore by ...

7.4CVSS5.8AI score0.00392EPSS
CVE
CVE
added 2026/05/11 2:35 p.m.22 views

CVE-2026-7817

PgAdmin 4 LLM API configuration endpoints are affected by CVE-2026-7817, which exposes Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). An authenticated user can abuse api_key_file and api_url preferences to read arbitrary server-side files or trigger requests to internal target...

7.1CVSS6AI score0.00217EPSS
CVE
CVE
added 2025/11/13 1:0 p.m.21 views

CVE-2025-12765

Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...

7.5CVSS6.7AI score0.00196EPSS
CVE
CVE
added 2025/11/13 1:0 p.m.20 views

CVE-2025-12764

Summary of CVE-2025-12764 (pgAdmin4) : The vulnerability affects pgAdmin4 versions up to 9.9 where an improper validation of characters in a username during LDAP authentication allows LDAP injections, which can cause the DC/LDAP server and client to process an excessive amount of data and trigger...

7.5CVSS7AI score0.00396EPSS