Urgent: Reflected XSS Vulnerability Discovered in xCally Omnichannel v3.30.1 (CVE-2025-40681)

Overview
A reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-40681, has been discovered in xCally Omnichannel version 3.30.1. This vulnerability allows an attacker to inject malicious JavaScript code into a user’s browser by crafting a specially designed URL. When a user clicks on this malicious URL, the injected script will execute, potentially leading to data …

Urgent: PostgreSQL libpq Integer Overflow Vulnerability (CVE-2025-12818) – Patch Immediately!

Overview
A critical security vulnerability, identified as CVE-2025-12818, has been discovered in the PostgreSQL libpq client library. This integer wraparound vulnerability can lead to an out-of-bounds write, potentially causing a segmentation fault and impacting the stability of applications using the affected libpq versions. It’s crucial to update your PostgreSQL installations to a patched version as …

CVE-2025-12817: PostgreSQL CREATE STATISTICS Command Vulnerability: A Denial of Service Threat

Overview
CVE-2025-12817 is a low-severity vulnerability affecting the CREATE STATISTICS command in PostgreSQL. This missing authorization issue allows a table owner to potentially cause a denial of service (DoS) against other users who utilize the CREATE STATISTICS command. By creating statistics with the same name in any schema, a later CREATE STATISTICS command from a …

CVE-2025-12765: Critical LDAP Authentication Bypass Vulnerability in pgAdmin

Overview
CVE-2025-12765 identifies a high-severity vulnerability in pgAdmin versions 9.9 and earlier. This flaw resides within the LDAP authentication mechanism and allows attackers to potentially bypass TLS certificate verification, leading to unauthorized access. This vulnerability was published on 2025-11-13T13:15:45.037.
Technical Details
The vulnerability stems from insufficient validation of TLS certificates during the LDAP authentication process. …

Critical LDAP Injection Vulnerability Discovered in pgAdmin (CVE-2025-12764)

Overview
A high-severity LDAP injection vulnerability, identified as CVE-2025-12764, has been discovered in pgAdmin versions 9.9 and earlier. This flaw allows attackers to inject special LDAP characters into the username field during the LDAP authentication process. Successful exploitation can lead to a denial-of-service (DoS) condition on the Directory Controller (DC) or LDAP server due to …

Beware! Command Injection Vulnerability in pgAdmin 4 Affecting Windows Users (CVE-2025-12763)

Overview
A critical vulnerability, identified as CVE-2025-12763, has been discovered in pgAdmin 4 versions up to 9.9 when running on Windows systems. This vulnerability allows attackers to execute arbitrary system commands due to a command injection flaw during backup and restore operations. Users of pgAdmin 4 on Windows are strongly advised to upgrade to a …

Urgent: Critical RCE Vulnerability in pgAdmin (CVE-2025-12762)

Overview
A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-12762, has been discovered in pgAdmin versions up to 9.9. This vulnerability poses a significant threat as it allows attackers to execute arbitrary commands on the server hosting pgAdmin when running in server mode and performing restores from PLAIN-format dump files. Successfully exploiting this flaw …

CVE-2025-12377: Envira Photo Gallery Vulnerability – Secure Your WordPress Images!

Overview
CVE-2025-12377 describes a security vulnerability found in the Envira Photo Gallery plugin for WordPress. This vulnerability allows authenticated attackers with Author-level access or higher to perform unauthorized modifications to data, such as removing images from arbitrary galleries. The issue stems from a missing capability check on several functions within the plugin. This vulnerability affects …

Zoom Under Attack: Privilege Escalation Vulnerability in VDI Client (CVE-2025-64740)

Overview
This article provides a detailed analysis of CVE-2025-64740, a security vulnerability affecting the Zoom Workplace VDI Client for Windows. Specifically, the flaw stems from improper verification of cryptographic signatures within the installer. This improper validation may allow a local, authenticated user to elevate their privileges on the system.
Technical Details
CVE-2025-64740 centers around the …

CVE-2025-13119: Critical CSRF Vulnerability Exposes Simple E-Banking System

Overview
CVE-2025-13119 identifies a Cross-Site Request Forgery (CSRF) vulnerability present in Fabian Ros/SourceCodester Simple E-Banking System version 1.0. This flaw allows an attacker to potentially execute unauthorized actions on behalf of legitimate users, posing a significant security risk. The exploit is remotely triggerable and publicly available, making prompt mitigation essential.
Technical Details
The vulnerability exists …