8 matches found
CVE-2024-4216
CVE-2024-4216 affects pgAdmin <= 8.5 with an XSS in the /settings/store API response JSON payload, allowing an attacker to execute malicious script on the client side. The vulnerability is described with CVSS metrics indicating a remotely exploitable issue with low user interaction in the NVD ...
CVE-2024-6238
Summary: CVE-2024-6238 affects pgAdmin versions up to 8.8 and is due to an installation directory permissions issue on Debian/RHEL 8, potentially allowing attackers to gain unauthorized access to the installation directory. The NVD/CNA data indicate a mix of impact metrics, including confidential...
CVE-2025-9636
CVE-2025-9636 affects pgAdmin4 (notably pgadmin4 packages in multiple Linux distributions). The vulnerability is a Cross-Origin Opener Policy (COOP) issue that could allow an attacker to manipulate the OAuth flow, potentially leading to restricted for unauthorised account access, account takeover...
CVE-2026-7818
CVE-2026-7818 affects pgAdmin 4: Unsafe deserialization in FileBackedSessionManager allows an authenticated user with write access to the sessions directory to craft a payload that could lead to operating-system level remote code execution under the pgAdmin process identity. The root cause is des...
CVE-2026-1707
CVE-2026-1707 affects pgAdmin 9.11. The SUSE/Red Hat/Linux advisories describe a Restore restriction bypass during server-mode restores from PLAIN-format dumps, where an attacker with web GUI access can observe an active restore, exfiltrate the \restrict key in real time, and race the restore by ...
CVE-2026-7817
PgAdmin 4 LLM API configuration endpoints are affected by CVE-2026-7817, which exposes Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). An authenticated user can abuse api_key_file and api_url preferences to read arbitrary server-side files or trigger requests to internal target...
CVE-2025-12765
Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...
CVE-2025-12764
Summary of CVE-2025-12764 (pgAdmin4) : The vulnerability affects pgAdmin4 versions up to 9.9 where an improper validation of characters in a username during LDAP authentication allows LDAP injections, which can cause the DC/LDAP server and client to process an excessive amount of data and trigger...