pgAdmin 4 versions prior to 9.16 contain four critical vulnerabilities — stored XSS, absent CSRF enforcement, a SQL injection flaw, and an AI Assistant read-only bypass — that collectively expose PostgreSQL database administration environments to session hijacking, arbitrary query manipulation, and unauthorized write operations against managed databases. Any organization running pgAdmin 4 as a database management interface should prioritize upgrading to version 9.16.
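To find which instances still need the upgrade, the following added example (not taken from the advisory or from pgAdmin's own code) triages a version inventory against the 9.16 fix level. The hostnames and version strings are constructed sample data; versions are compared numerically so that 9.9 sorts below 9.16, which a plain string comparison gets wrong, and entries with no numeric version are set aside for manual review.

```python
import re

FIXED = (9, 16)  # first fixed release named in the advisory

# Constructed inventory: host -> version string as reported by whatever
# asset source is in use (package manager, image tag, About dialog).
INVENTORY = {
    "dba-jump-01": "9.9",
    "dba-jump-02": "9.16",
    "k8s-pgadmin": "dpage/pgadmin4:9.15",
    "legacy-vm": "v8.14",
    "staging": "9.16.1",
    "dev-box": "dpage/pgadmin4:latest",
}

# Trailing MAJOR.MINOR[.PATCH...], optionally preceded by 'v', ':' or a space.
_VERSION = re.compile(r"(?:^|[:v\s])(\d+)\.(\d+)(?:\.\d+)*$")


def parse_version(raw):
    """Return (major, minor) or None when no numeric version is present."""
    m = _VERSION.search(raw.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory):
    """Split hosts into vulnerable (< 9.16), fixed, and unknown."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        version = parse_version(raw)
        if version is None:
            result["unknown"].append(host)    # e.g. a floating 'latest' tag
        elif version < FIXED:                 # tuple compare: (9, 9) < (9, 16)
            result["vulnerable"].append(host)
        else:
            result["fixed"].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be resolved to a concrete version before being treated as patched.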