CVE-2025-2946
- EPSS 0.02%
- Published 03.04.2025 13:15:43
- Last modified 23.04.2025 22:24:39
pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability. Attackers can cause arbitrary HTML/JavaScript to execute in a user's browser through query result rendering.
CVE-2023-1907
- EPSS 0.08%
- Published 09.01.2025 08:15:24
- Last modified 20.06.2025 17:57:08
A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
CVE-2024-4215
- EPSS 0.03%
- Published 02.05.2024 18:15:07
- Last modified 19.09.2025 13:37:32
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. An attacker with knowledge of a legitimate account's username and password may authenticate to the application and perform sensitive actions w...
CVE-2024-4216
- EPSS 0.23%
- Published 02.05.2024 18:15:07
- Last modified 19.09.2025 13:27:28
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script on the client side.
CVE-2024-2044
- EPSS 81.66%
- Published 07.03.2024 21:15:08
- Last modified 19.09.2025 14:55:20
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain co...