VYPR

rpm package

suse/pgadmin4&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Vulnerabilities (7)

  • CVE-2025-12765Nov 13, 2025
    affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1

    pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

  • CVE-2025-12764Nov 13, 2025
    affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1

    pgAdmin <= 9.9  is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.

  • CVE-2025-9636Sep 4, 2025
    affected < 4.30-150300.3.24.1fixed 4.30-150300.3.24.1

    pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

  • CVE-2025-27152Mar 7, 2025
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka

  • CVE-2023-1907Jan 9, 2025
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

  • CVE-2024-4068May 13, 2024
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program

  • CVE-2024-2044Mar 7, 2024
    affected < 4.30-150300.3.12.1fixed 4.30-150300.3.12.1

    pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is