|
1701
|
8.8 |
HIGH
Network
|
-
|
-
|
SQL injection vulnerability in pgAdmin 4 Maintenance Tool.
Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly i…
|
CWE-89
SQL Injection
|
CVE-2026-7815
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1702
|
8.8 |
HIGH
Network
|
-
|
-
|
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.
User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An aut…
|
CWE-89
SQL Injection
|
CVE-2026-7816
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1703
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied api_key_file and api_url preferences were passed to the …
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-7817
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1704
|
7.0 |
HIGH
Local
|
-
|
-
|
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.
The session manager performed unsafe deserialization of session-file contents (using Python's standard object-seria…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7818
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1705
|
8.1 |
HIGH
Network
|
-
|
-
|
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.
check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent k…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-7819
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1706
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.
pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-7820
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1707
|
- |
|
-
|
-
|
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.
|
-
|
CVE-2026-21019
|
2026-05-14 00:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1708
|
- |
|
-
|
-
|
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
|
-
|
CVE-2026-21024
|
2026-05-14 00:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1709
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8235
|
2026-05-14 00:33 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1710
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update H…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-8210
|
2026-05-14 00:32 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
