
21 matches found

Positive Technologies
added 2026/06/19 12:0 a.m. · 12 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions: Mercator versions prior to 2025.05.19. Description: The Query Engine allows authenticated users to execute queries via a JSON DSL (Domain Specific Language), which is a specialized language used to define data queries. The controller method...

CVSS 7.1 · AI score 5.9 · EPSS 0.00281
Exploits: 0 · References: 7

RedhatCVE
added 2026/06/11 2:59 p.m. · 10 views

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

CVSS 7.1 · AI score 6 · EPSS 0.00195
Exploits: 0 · References: 1

Snyk
added 2026/02/06 10:52 p.m. · 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

CVSS 8.7 · AI score 5.6 · EPSS 0.00407
Exploits: 1 · References: 2

Snyk
added 2026/02/06 10:52 p.m. · 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

CVSS 8.7 · AI score 5.6 · EPSS 0.00407
Exploits: 1 · References: 2

Snyk
added 2026/02/06 10:52 p.m. · 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

CVSS 8.7 · AI score 5.6 · EPSS 0.00407
Exploits: 1 · References: 2

RedhatCVE
added 2026/01/17 4:23 a.m. · 14 views

CVE-2026-1023

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents...

CVSS 8.7 · AI score 7.1 · EPSS 0.00478
Exploits: 0 · References: 1

RedhatCVE
added 2025/11/25 8:56 p.m. · 12 views

CVE-2024-14007

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...

CVSS 8.7 · AI score 7.1 · EPSS 0.00769
Exploits: 0 · References: 1

NVD
added 2025/11/06 9:15 p.m. · 7 views

CVE-2025-64173

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

CVSS 7.5 · EPSS 0.00284
Exploits: 0 · References: 3

OSV
added 2025/11/06 8:42 p.m. · 4 views

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

CVSS 7.5 · AI score 6.9 · EPSS 0.00284
Exploits: 0 · References: 5

Github Security Blog
added 2025/11/06 3:47 p.m. · 10 views

Apollo Router Affected by an Access Control Bypass on Polymorphic Types

Summary: A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...

CVSS 7.5 · AI score 6.9 · EPSS 0.00284
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2025/11/06 12:0 a.m. · 6 views

PT-2025-45376

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions 1.61.11 and earlier; Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0. Description: Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...

CVSS 7.5 · AI score 6.8 · EPSS 0.00284
Exploits: 0 · References: 15

CNNVD
added 2022/11/17 12:0 a.m. · 6 views

BKG Professional NtripCaster Access Control Error Vulnerability

BKG Professional NtripCaster is an application organized by the Federal Agency for Cartography and Geodesy in Germany. It allows the distribution of GNSS real-time data streams over the Internet. A security vulnerability exists in BKG Professional NtripCaster version 2.0.39, which originates from...

CVSS 7.5 · AI score 7.3 · EPSS 0.00661
Exploits: 0 · References: 3

OSV
added 2022/11/10 9:35 p.m. · 16 views

GHSA-3P7G-WRGG-WQ45 GraphQL queries can expose password hashes

Impact: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors. Patches: Affected versions: Ibexa DXP v3.3., v4.2., eZ Platform v2.5. Resolving versions: Ibexa...

AI score 7.1
Exploits: 0 · References: 4

NVD
added 2022/11/10 9:15 p.m. · 38 views

CVE-2022-41876

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 7.5 · EPSS 0.01295
Exploits: 1 · References: 1

Prion
added 2022/11/10 9:15 p.m. · 23 views

Design/Logic Flaw

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 5 · AI score 5.3 · EPSS 0.01295
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/11/10 12:0 a.m. · 5 views

PT-2022-28184 · Ez Systems +1 · Ez Platform +1

Name of the Vulnerable Software and Affected Versions: Ibexa DXP versions 3.3. through 3.3.27; Ibexa DXP versions 4.2. through 4.2.2; eZ Platform versions 2.5. through 2.5.30. Description: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

AI score 7.4
Exploits: 0 · References: 5

Cvelist
added 2022/11/10 12:0 a.m. · 40 views

CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 7.5 · AI score 7.8 · EPSS 0.01295
Exploits: 1 · References: 1

OSV
added 2022/11/10 12:0 a.m. · 25 views

CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 7.5 · AI score 5.5 · EPSS 0.01295
Exploits: 1 · References: 3

CVE
added 2022/11/10 12:0 a.m. · 118 views

CVE-2022-41876

CVE-2022-41876 affects ezplatform-graphql (Ibexa DXP and Ibexa Open Source). The vulnerability is caused by insecure storage that allows unauthenticated GraphQL queries to expose user password hashes (typically for admins/editors). Patches exist in Ibexa/DXP versions 2.3.12 and 1.0.13 on the 1.X ...

CVSS 7.5 · AI score 5.6 · EPSS 0.01295
Exploits: 1 · References: 1 · Affected Software: 1

ATTACKERKB
added 2022/08/05 4:15 p.m. · 4 views

CVE-2022-2531

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing...

CVSS 5.3 · AI score 6 · EPSS 0.01092
Exploits: 0 · References: 4 · Affected Software: 1