59 matches found
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...
Exploit for Improper Access Control in Apache HugeGraph
Remote Code Execution vulnerability in Apache HugeGraph Server...
The vulnerability of the Apache HugeGraph graph database server, related to the ability to bypass the authentication process, allows attackers to execute arbitrary code.
The vulnerability of the Apache HugeGraph graph database server relates to the bypassing of the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code...
CVE-2024-32001
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...
CVE-2024-32001
Summary: CVE-2024-32001 affects SpiceDB. A bug in relations of the form folder: folder | folder#parent, when the same subject type is used multiple times and an arrow is used over the relation, can cause LookupSubjects to return only a subset of subjects. This affects any user making a negative a...
CVE-2024-32001 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...
FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of BloodHound In A More Automated Fashion
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...
New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless,...
GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact: An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of the APOC core plugin in the Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
Apache AGE SQL Injection Vulnerability
Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graph database functionality. An SQL injection vulnerability exists in the Apache AGE driver, which stems from an inability to parameterize passed values, leading to SQL injection...
GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at the contributor guide and the "express interest" issue. Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...
CVE-2022-23532
CVE-2022-23532 describes a path traversal vulnerability in the APOC library for Neo4j, specifically in the apoc.export.* procedures. The issue allows an attacker who can run arbitrary Cypher (or has app Cypher injection) to break out of the intended directory and create arbitrary files (overwriti...
CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability was found in the apoc.export.* procedures of the apoc plugins in the Neo4j graph database. The issue allows a malicious actor to potentially break out of the...
GHSA-5V8V-GWMW-QW97 org.neo4j.procedure:apoc Path Traversal Vulnerability
Impact: A path traversal vulnerability was found in the apoc.export.* procedures of the apoc plugins in the Neo4j graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola (with the lowercase n) is a tool to dump and perform automatic and manual security analysis on AWS environment configurations and services using predefined, extensible and custom rules created using a simple YAML syntax. The general idea behind this project is to create an abstracted digita...
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Impact: A partial directory traversal vulnerability was found in the apoc.log.stream function of the apoc plugins in the Neo4j graph database. This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example,...
GHSA-78F9-745F-278P Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Impact: A partial directory traversal vulnerability was found in the apoc.log.stream function of the apoc plugins in the Neo4j graph database. This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example,...
Improper Privilege Management in Neo4j Graph Database
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges...
GHSA-2W4H-F44W-968F Improper Privilege Management in Neo4j Graph Database
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges...
CVE-2021-42767
A directory traversal vulnerability in the apoc plugins in the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...