|
1161
|
9.8 |
CRITICAL
Network
|
github
|
enterprise_server
|
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi…
Update
|
CWE-436
CWE-918
Interpretation Conflict
Server-Side Request Forgery (SSRF)
|
CVE-2026-8034
|
2026-05-12 02:18 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.
pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-7820
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
8.1 |
HIGH
Network
|
-
|
-
|
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.
check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent k…
New
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-7819
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
7.0 |
HIGH
Local
|
-
|
-
|
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.
The session manager performed unsafe deserialization of session-file contents (using Python's standard object-seria…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7818
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied api_key_file and api_url preferences were passed to the …
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-7817
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
8.8 |
HIGH
Network
|
-
|
-
|
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.
User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An aut…
New
|
CWE-89
SQL Injection
|
CVE-2026-7816
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
8.8 |
HIGH
Network
|
-
|
-
|
SQL injection vulnerability in pgAdmin 4 Maintenance Tool.
Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly i…
New
|
CWE-89
SQL Injection
|
CVE-2026-7815
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
7.7 |
HIGH
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
New
|
CWE-200
Information Exposure
|
CVE-2026-44738
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
- |
|
-
|
-
|
grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44737
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and th…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43500
|
2026-05-12 02:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
