666 matches found
Advisory ROSA-SA-2026-3280
software: etcd 3.6.10 OS: ROSA-CHROME unaffected versions = etcd-3.6.10-1 affected versions etcd-3.6.10-1 CVE-ID: CVE-2026-33343 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in etcd allows an authenticated user with limited RBAC rights to bypass key-level authorization using nested...
[SECURITY] Fedora 42 Update: valkey-8.0.9-1.fc42
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
CVE-2026-25243
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
GHSA-H7J7-3RX6-XVCG CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...
CVE-2026-33343
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
CVE-2026-33343
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CheckTxnAuth function. A user with RBAC restricted permissions on key ranges can gain unauthorized access to the entire data store by bypassing key-level authorization checks using nested transactions...
GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
SQL Injection
Overview @veramo/data-store is a Veramo data storage plugin based on TypeORM database drivers Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute...
SQL Injection
Overview @veramo/data-store-json is a Veramo data storage based on a JSON tree Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queri...
EUVD-2026-2910
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM...
@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)
@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
CVE-2019-2870
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data...
CVE-2019-2869
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data...
CVE-2019-2871
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data...
CVE-2019-2868
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data...
CVE-2024-41705
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the...
CVE-2024-41706
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...