8 matches found
CVE-2026-49189
CVE-2026-49189 involves unchecked public access permissions on a core Broadcast Receiver, enabling unauthorized local software components to invoke administrative operations. The available documents identify the vulnerable component as a Broadcast Receiver and describe the root cause as permissio...
CVE-2026-49189 Broadcast Receiver Privilege Escalation
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...
CVE-2026-35413
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...
GHSA-849R-QRWJ-8RV4 Directus allows unauthenticated access to WebSocket events and operations
Summary When setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions with full admin privileges. Details Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...
Azure Blob Storage Detected
Azure Blob Storage is a public cloud storage service available in Microsoft Azure which provides a programmatic way to store and retrieve data objects in storage accounts. Web applications often rely on blob storage to serve static assets images or scripts for example or to store application...
Amazon S3 Bucket Detected
Amazon Simple Storage Service S3 is a public cloud storage service available in Amazon Web Services AWS which provides a programmatic way to store and retrieve data objects in storage containers called buckets. Web applications often rely on storage buckets to serve static assets images or script...
IBM DB2数据库JAR文件处理多个拒绝服务漏洞
BUGTRAQ ID: 28835 IBM DB2是一个大型的商业关系数据库系统,面向电子商务、商业资讯、内容管理、客户关系管理等应用,可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 DB2的RECOVERJAR和REMOVEJAR过程处理畸形参数数据时存在漏洞,如果用特殊参数调用了RECOVERJAR和REMOVEJAR过程的话,就可能导致DB2例程崩溃。 任何DB2数据库用户都可以利用这个漏洞,因为默认为这两个过程分配了PUBLIC权限。 IBM DB2 Universal Database 9.5 IBM DB2 Universal Database...
Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple DoS in JAR files manipulation procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server on Windows platform. Remote exploitable: Yes Authentication to Database Server...