Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

pgAdmin Vulnerability Exposes Millions of Databases to Remote Attacks

A critical vulnerability has been discovered in pgAdmin, a popular open-source administration and development platform for PostgreSQL databases. This security flaw allows remote attackers to execute arbitrary code, potentially compromising millions of databases worldwide. The vulnerability stems from improper input validation in the pgAdmin web interface, enabling attackers to inject malicious payloads. Users are strongly advised to update to the latest version of pgAdmin immediately to mitigate risks. This incident highlights the importance of regular software updates and vigilant security practices in database management. Organizations relying on PostgreSQL should audit their systems for signs of exploitation and apply necessary patches without delay. The cybersecurity community continues to emphasize proactive defense strategies to prevent such vulnerabilities from being exploited by threat actors.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 08 Sep 2025 12:05:22 +0000

Cyber News related to pgAdmin Vulnerability Exposes Millions of Databases to Remote Attacks

pgAdmin Vulnerability Exposes Millions of Databases to Remote Attacks - A critical vulnerability has been discovered in pgAdmin, a popular open-source administration and development platform for PostgreSQL databases. This security flaw allows remote attackers to execute arbitrary code, potentially compromising millions ...
3 hours ago Cybersecuritynews.com CVE-2024-12345

15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
4 months ago Cybersecuritynews.com

What's worse than paying extortion bot that pwned your DB? The Register - Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot - one that marks who pays up and who is not getting their data back. Origin unknown, the bot is routinely breaching ...
1 year ago Go.theregister.com

Critical pgAdmin Vulnerability Let Attackers Execute Remote Code - Security researchers have disclosed details of CVE-2025-2945, a severe Remote Code Execution (RCE) vulnerability with a CVSS score of 9.9, indicating the highest level of severity. Cyber Security News is a Dedicated News Platform For Cyber News, ...
5 months ago Cybersecuritynews.com CVE-2025-2945

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2022-4223 - The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is ...
2 years ago

CVE-2023-5002 - A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server ...
1 year ago

The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com

Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
1 year ago Cisa.gov

Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu

CVE-2025-24786 - WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 ...
7 months ago Tenable.com

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who ...
1 year ago Helpnetsecurity.com

Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
1 year ago Helpnetsecurity.com

Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover - A critical unauthenticated remote control execution bug in a backup plug-in that's been downloaded more than 90,000 times exposes vulnerable WordPress sites to takeover - another example of the epidemic of risk posed by flawed plug-ins for the ...
1 year ago Darkreading.com CVE-2023-6553

The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
1 year ago Cybersecuritynews.com CVE-2023-44487 Cloak

The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
1 year ago Cyberdefensemagazine.com

87% of DDoS Attacks Targeted Windows OS Devices in 2023 - Computers and servers became the primary target of attacks, making up 92% of DDoS attempts, compared to only 68% in the previous year. Attacks are also becoming shorter and less frequent, but more powerful. While the overall count in attack frequency ...
1 year ago Darkreading.com

'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
1 year ago Darkreading.com

CVE-2025-2945 - Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy ...
5 months ago

Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
1 year ago Feeds.dzone.com

CVE-2023-1907 - A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. ...
7 months ago Tenable.com

Understanding the Escalating Threat of Web DDoS Tsunami Attacks - Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - ...
1 year ago Cyberdefensemagazine.com

Botnets Exploit Realtek SDK Bug in Millions of Attacks - Ensure Your Security - A new report has highlighted how botnets are exploiting a critical bug in the Realtek SDK, allowing attackers to access and manipulate millions of devices with alarming ease. According to Radware’s research, device owners may be vulnerable to ...
2 years ago Bleepingcomputer.com

Definition from TechTarget - Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. They're identified as nation-state attackers, and they've been accused of attacking the IT ...
1 year ago Techtarget.com

Social Engineering Attacks: Tactics and Prevention - Social engineering attacks have become a significant concern in today's digital landscape, posing serious risks to the security and sensitive information of individuals and organizations. By comprehending these tactics and implementing preventive ...
1 year ago Securityzap.com