Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 30 articles for you...
89

Fedora 44 pgAdmin 4 Critical SQL Injection Remote Code Exec 2026-c248414214

Update to pgadmin-9.16.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c248414214 2026-06-28 00:56:23.048166+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.16 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin-9.16. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 19 2026 Filipe Rosset - 9.16-1 - Update to 9.16 + spec cleanup and modernization -------------------------------------------------------------------------------- References: [ 1 ] Bug #2490658 - CVE-2026-12049 pgadmin4: pgAdmin 4: Open redirect vulnerability in multi-factor authentication can lead to phishing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490658 [ 2 ] Bug #2490659 - CVE-2026-12050 pgadmin4: pgAdmin 4: Arbitrary SQL execution via SQL injection in restore point endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490659 [ 3 ] Bug #2490661 - CVE-2026-12044 pgadmin4: pgAdmin 4: Arbitrary code execution via SQL injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490661 [ 4 ] Bug #2490662 - CVE-2026-12047 pgadmin4: pgAdmin 4: HTML injection via unsanitized SDK exception messages in cloud deployment module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490662 [ 5 ] Bug #2490663 - CVE-2026-12045 pgadmin4: pgAdmin 4: Remote code execution via prompt injection in AI Assistant [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490663 [ 6 ] Bug #2490664 - CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490664 [ 7 ] Bug #2490665 - CVE-2026-12048 pgadmin4: pgAdmin 4: Cross-site scripting allows arbitrary HTML injection and redirection to malicious sites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490665 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c248414214' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Discover critical updates for Fedora 44's pgAdmin 4 addressing multiple security flaws including SQL injection and remote code execution.. Fedora updates, pgAdmin security, SQL injection fixes, remote code execution, security patches. . LinuxSecurity.com Team

Calendar%202 Jun 27, 2026 Fedora
89

Fedora 43 pgadmin4 Critical SQL Injection Remote Code Exec 2026-1545df20ad

Update to pgadmin4-9.15.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1545df20ad 2026-05-21 01:26:51.960418+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 43 Version : 9.15 Release : 1.fc43 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.15. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Sandro Mani - 9.15-1 - Update to 9.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476786 - CVE-2026-7819 pgadmin4: symbolic-link path traversal in File Manager allows arbitrary file write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476786 [ 2 ] Bug #2476787 - CVE-2026-7815 pgadmin4: SQL injection in maintenance tool option values leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476787 [ 3 ] Bug #2476788 - CVE-2026-7817 pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476788 [ 4 ] Bug #2476789 - CVE-2026-7820 pgadmin4: account-lockout bypass via Flask-Security default /login view [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476789 [ 5 ] Bug #2476790 - CVE-2026-7818 pgadmin4: unsafe deserialization in file-backed session manager leads to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476790 [ 6 ] Bug#2476791 - CVE-2026-7816 pgadmin4: OS command injection in Import/Export query export via psql metacommand breakout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476791 [ 7 ] Bug #2476792 - CVE-2026-7813 pgadmin4: cross-user data access and shared-server privilege escalation in server mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476792 [ 8 ] Bug #2476793 - CVE-2026-7814 pgadmin4: stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1545df20ad' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical pgAdmin update addresses multiple security flaws including SQL injection and remote code execution. Stay protected!. pgadmin security update, Fedora advisory, PostgreSQL vulnerabilities, psql command injection. . LinuxSecurity.com Team

Calendar%202 May 21, 2026 Fedora
89

Fedora 44 pgadmin4 Vital Update SQL Injection Remote Code Execution Issue

Update to pgadmin4-9.15.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-68f6155fea 2026-05-21 00:54:04.884645+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.15 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.15. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Sandro Mani - 9.15-1 - Update to 9.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476786 - CVE-2026-7819 pgadmin4: symbolic-link path traversal in File Manager allows arbitrary file write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476786 [ 2 ] Bug #2476787 - CVE-2026-7815 pgadmin4: SQL injection in maintenance tool option values leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476787 [ 3 ] Bug #2476788 - CVE-2026-7817 pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476788 [ 4 ] Bug #2476789 - CVE-2026-7820 pgadmin4: account-lockout bypass via Flask-Security default /login view [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476789 [ 5 ] Bug #2476790 - CVE-2026-7818 pgadmin4: unsafe deserialization in file-backed session manager leads to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476790 [ 6 ] Bug#2476791 - CVE-2026-7816 pgadmin4: OS command injection in Import/Export query export via psql metacommand breakout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476791 [ 7 ] Bug #2476792 - CVE-2026-7813 pgadmin4: cross-user data access and shared-server privilege escalation in server mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476792 [ 8 ] Bug #2476793 - CVE-2026-7814 pgadmin4: stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-68f6155fea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 44 pgadmin4 resolves multiple issues including SQL injection and remote code execution threats.. Fedora Update, pgadmin4, SQL Injection, Remote Code Execution, Security Advisory. . LinuxSecurity.com Team

Calendar%202 May 21, 2026 Fedora
89

Fedora 44 PgAdmin4 Update 9.14 Critical Axios Remote Code Vulnerability

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-34c2bf6df4 2026-04-25 01:21:36.172965+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.14 Release : 3.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2026 Sandro Mani - 9.14-3 - Add pgadmin4_CVE-2026-40175.prebundle.patch * Thu Apr 9 2026 Sandro Mani - 9.14-2 - Rework vendor bundle, use corepack yarn * Thu Apr 2 2026 Sandro Mani - 9.14-1 - Update to 9.14 * Thu Apr 2 2026 Sandro Mani - 9.13-2 - Refresh vendor bundle, fixes CVE-2026-4800 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454043 [ 2 ] Bug #2454310 - pgadmin4-9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454310 [ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13) https://bugzilla.redhat.com/show_bug.cgi?id=2454886 [ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456577 [ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457505 [ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457878 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-34c2bf6df4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update pgAdmin 4 on Fedora 44 to fix remote code execution and denial of service issues in axios. Immediate action required.. pgadmin4 update, Fedora security alerts, remote code execution, Denial of Service, axios vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Apr 25, 2026 Fedora
89

Fedora 42 pgadmin4 Update CVE-2026-40175 Remote Code Exec DoS Fix

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b4633cbe23 2026-04-23 00:55:31.005293+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 42 Version : 9.14 Release : 3.fc42 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2026 Sandro Mani - 9.14-3 - Add pgadmin4_CVE-2026-40175.prebundle.patch * Thu Apr 9 2026 Sandro Mani - 9.14-2 - Rework vendor bundle, use corepack yarn * Thu Apr 2 2026 Sandro Mani - 9.14-1 - Update to 9.14 * Thu Apr 2 2026 Sandro Mani - 9.13-2 - Refresh vendor bundle, fixes CVE-2026-4800 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454043 [ 2 ] Bug #2454310 - pgadmin4-9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454310 [ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13) https://bugzilla.redhat.com/show_bug.cgi?id=2454886 [ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456577 [ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457505 [ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457878 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b4633cbe23' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update fixes security issues in pgAdmin for Fedora 42 by updating axios and addressing multiple CVEs effectively.. Fedora pgAdmin4 security axios CVE remote code execution. . LinuxSecurity.com Team

Calendar%202 Apr 23, 2026 Fedora
89

Fedora 42 pgAdmin4 Critical ReDoS and XSS Threats 2026-416a89747f

Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-416a89747f 2026-03-16 01:10:09.534356+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 42 Version : 9.13 Release : 1.fc42 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-416a89747f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to pgAdmin 4 version 9.13 for Fedora 42 addresses critical ReDoS and XSS issues.. Fedora Update, pgAdmin 4, Red Hat Security, PostgreSQL Admin Tool, Critical Fix. . LinuxSecurity.com Team

Calendar%202 Mar 16, 2026 Fedora
89

Fedora 43 pgAdmin4 Update Addresses Serious Cross-Site Scripting Flaws

Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bef5344f9f 2026-03-16 00:57:17.182011+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 43 Version : 9.13 Release : 1.fc43 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef5344f9f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update available for pgadmin4-9.13 on Fedora 43 addressing critical security threats including Cross-Site Scripting.. Fedora pgadmin4 update security ReDoS. . LinuxSecurity.com Team

Calendar%202 Mar 16, 2026 Fedora
89

Fedora 44 pgadmin4 9.13 Faces Moderate Cross-Site Scripting Issue

Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-220c4ca745 2026-03-16 00:26:18.591080+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.13 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-220c4ca745' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to pgadmin4-9.13 enhances PostgreSQL management with critical fixes including XSS and performance issues.. pgAdmin administration PostgreSQL management tool. . LinuxSecurity.com Team

Calendar%202 Mar 16, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here