CVE ID :CVE-2026-12046 Published : June 18, 2026, 11:37 p.m. | 1 hour, 31 minutes ago Description :Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// -- were the only routes in the module...

#Sicherheitslücke #Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-12046 - pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

VERWANDTEARTIKEL

CVE-2026-40624 - AVer PTC cameras Files or Directories Accessible to External Parties

CVE-2026-12048 - pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

CVE-2026-12045 - pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

CVE-2026-12044 - pgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog templates

Kritische SQL-Injection in PIAF-HMS: Unauthentifizierte Angriffe auf Hotel-Management-Daten möglich

CVE-2026-56078 - PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor