2 matches found
CVE-2026-56281
Capgo before 12.128.2 contains a SQL injection in POST /private/admin_stats: the limit parameter is destructured from an unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQ...
PT-2024-13729 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.1.x through 7.2.3 Description: The issue concerns the lack of authentication requirement for certain API endpoints. Specifically, the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost do not...