CVE-2025-13116: Critical Look at mall-swarm’s Unauthorized Order Cancellation Flaw

Overview CVE-2025-13116 is a medium-severity vulnerability affecting macrozheng’s mall-swarm, specifically versions up to 1.0.3. This vulnerability resides in the cancelUserOrder function located in the /order/cancelUserOrder endpoint. An attacker can exploit this flaw by manipulating the orderId parameter, leading to improper authorization and potentially allowing the cancellation of orders belonging to other users. A proof-of-concept exploit …

CVE-2025-13115: Unauthorized Order Access in macrozheng mall-swarm

Overview CVE-2025-13115 describes a medium-severity improper authorization vulnerability found in macrozheng mall-swarm up to version 1.0.3. This flaw allows an attacker to potentially access order details without proper authorization by manipulating the orderId parameter within the /order/detail/ endpoint. This vulnerability can be exploited remotely and has a publicly available exploit, increasing the risk of …

CVE-2025-13114: Critical Authorization Flaw Threatens macrozheng mall-swarm Users

Overview CVE-2025-13114 is a medium-severity vulnerability affecting macrozheng’s mall-swarm, specifically versions up to 1.0.3. This vulnerability allows for improper authorization when updating attributes via the updateAttr function in the /cart/update/attr file. A remote attacker can exploit this flaw, potentially leading to unauthorized modification of cart attributes and possibly affecting order processing and pricing. The …

Urgent: Reflected XSS Vulnerability Discovered in xCally Omnichannel v3.30.1 (CVE-2025-40681)

Overview A reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-40681, has been discovered in xCally Omnichannel version 3.30.1. This vulnerability allows an attacker to inject malicious JavaScript code into a user’s browser by crafting a specially designed URL. When a user clicks on this malicious URL, the injected script will execute, potentially leading to data …

Urgent: PostgreSQL libpq Integer Overflow Vulnerability (CVE-2025-12818) – Patch Immediately!

Overview A critical security vulnerability, identified as CVE-2025-12818, has been discovered in the PostgreSQL libpq client library. This integer wraparound vulnerability can lead to an out-of-bounds write, potentially causing a segmentation fault and impacting the stability of applications using the affected libpq versions. It’s crucial to update your PostgreSQL installations to a patched version as …

CVE-2025-12817: PostgreSQL CREATE STATISTICS Command Vulnerability: A Denial of Service Threat

Overview CVE-2025-12817 is a low-severity vulnerability affecting the CREATE STATISTICS command in PostgreSQL. This missing authorization issue allows a table owner to potentially cause a denial of service (DoS) against other users who utilize the CREATE STATISTICS command. By creating statistics with the same name in any schema, a later CREATE STATISTICS command from a …

CVE-2025-12765: Critical LDAP Authentication Bypass Vulnerability in pgAdmin

Overview CVE-2025-12765 identifies a high-severity vulnerability in pgAdmin versions 9.9 and earlier. This flaw resides within the LDAP authentication mechanism and allows attackers to potentially bypass TLS certificate verification, leading to unauthorized access. This vulnerability was published on 2025-11-13T13:15:45.037. Technical Details The vulnerability stems from insufficient validation of TLS certificates during the LDAP authentication process. …

Critical LDAP Injection Vulnerability Discovered in pgAdmin (CVE-2025-12764)

Overview A high-severity LDAP injection vulnerability, identified as CVE-2025-12764, has been discovered in pgAdmin versions 9.9 and earlier. This flaw allows attackers to inject special LDAP characters into the username field during the LDAP authentication process. Successful exploitation can lead to a denial-of-service (DoS) condition on the Directory Controller (DC) or LDAP server due to …

Beware! Command Injection Vulnerability in pgAdmin 4 Affecting Windows Users (CVE-2025-12763)

Overview A critical vulnerability, identified as CVE-2025-12763, has been discovered in pgAdmin 4 versions up to 9.9 when running on Windows systems. This vulnerability allows attackers to execute arbitrary system commands due to a command injection flaw during backup and restore operations. Users of pgAdmin 4 on Windows are strongly advised to upgrade to a …

Urgent: Critical RCE Vulnerability in pgAdmin (CVE-2025-12762)

Overview A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-12762, has been discovered in pgAdmin versions up to 9.9. This vulnerability poses a significant threat as it allows attackers to execute arbitrary commands on the server hosting pgAdmin when running in server mode and performing restores from PLAIN-format dump files. Successfully exploiting this flaw …