Lucene search
+L

441 matches found

Cvelist
Cvelist
added 2026/05/29 12:0 a.m.40 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

0.00241EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 12:0 a.m.4 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS6AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44900

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 7:13 p.m.11 views

MAL-2026-4499 Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:13 p.m.14 views

Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:7 p.m.12 views

GO-2026-4967 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

9.8CVSS5.8AI score0.0044EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42371

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

9.8CVSS5.8AI score0.0044EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.15 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.7AI score0.0044EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 5:16 p.m.21 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS0.0044EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 3:59 p.m.11 views

CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.7AI score0.0044EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 3:59 p.m.32 views

CVE-2026-42072

NornicDB suffers an improper network binding in the Bolt server: the Bolt listener binds to all interfaces because Bolt’s config lacked a host field, so using --address defaults to an empty host. This causes exposure of the Bolt port (default admin:password) on the LAN, enabling unauthorized remo...

9.8CVSS5.8AI score0.0044EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 3:59 p.m.4 views

CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.9AI score0.0044EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:59 p.m.8 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.7AI score0.0044EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/08 3:59 p.m.39 views

CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS0.0044EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:59 p.m.14 views

EUVD-2026-28808

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.8AI score0.0044EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.16 views

NornicDB 安全漏洞

NornicDB is a fusion database developed by TJ Sweet, which supports graph, vector, and historical data queries. Versions of NornicDB prior to 1.0.42-hotfix contained security vulnerabilities. These vulnerabilities stemmed from the Bolt listener always binding to wildcard addresses, ignoring user...

9.8CVSS5.8AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 10:3 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 10:3 p.m.6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 10:3 p.m.18 views

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

9.8CVSS5.9AI score0.0044EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/22 10:3 p.m.6 views

GHSA-2HP7-65R3-WV54 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

9.8CVSS5.9AI score0.0044EPSS
Exploits0References6
Rows per page
Query Builder