Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today

64,228 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next=<e...

CVE-2026-12049 pgadmin.org pgAdmin 4 6.0

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-12048	pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser_CVE-2026-12048 Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messa...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12046	pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046 Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connec...	pgadmin.org	pgAdmin 4 6.9	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12045	pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045 Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execut...	pgadmin.org	pgAdmin 4 9.13	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-12044	pgAdmin 4: SQL injection in COMMENT ON … IS ‘‘ rendering across dialog templates_CVE-2026-12044 SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja temp...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-8806	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module_CVE-2026-8806 Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a r...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions	Jun 19, 2026	CVE
HIGH 8.7	CVE-2026-8805	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module_CVE-2026-8805 Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-E...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-11775	User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery_CVE-2026-11775 The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due...	adamsilverstein	User Admin Simplifier	Jun 19, 2026	CVE
MEDIUM 6.9	CVE-2026-56132	CVE-2026-56132_CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled...	libexpat project	libexpat	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049

Recent Advisories

pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser_CVE-2026-12048

pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047

pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046

pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045

pgAdmin 4: SQL injection in COMMENT ON … IS ‘‘ rendering across dialog templates_CVE-2026-12044

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module_CVE-2026-8806

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module_CVE-2026-8805

User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery_CVE-2026-11775

CVE-2026-56132_CVE-2026-56132

Protect Your Attack Surface with RedGem

Security Intelligence
Feed