19 matches found

Snyk
added 2026/02/06 10:52 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

8.7 CVSS · 5.6 AI score · 0.00028 EPSS
Exploits 1 · References 2
Snyk
added 2026/02/06 10:52 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

8.7 CVSS · 5.6 AI score · 0.00028 EPSS
Exploits 1 · References 2
Snyk
added 2026/02/06 10:52 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...

8.7 CVSS · 5.6 AI score · 0.00028 EPSS
Exploits 1 · References 2
RedhatCVE
added 2026/01/17 4:23 a.m. · 5 views

CVE-2026-1023

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents...

8.7 CVSS · 7.1 AI score · 0.00046 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/11/25 8:56 p.m. · 8 views

CVE-2024-14007

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...

8.7 CVSS · 7.1 AI score · 0.00057 EPSS
Exploits 0 · References 1
NVD
added 2025/11/06 9:15 p.m. · 4 views

CVE-2025-64173

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS · 0.00049 EPSS
Exploits 0 · References 3
OSV
added 2025/11/06 8:42 p.m. · 1 view

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS · 6.9 AI score · 0.00049 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2025/11/06 3:47 p.m. · 6 views

Apollo Router Affected by an Access Control Bypass on Polymorphic Types

Summary: A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...

7.5 CVSS · 6.9 AI score · 0.00049 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2025/11/06 12:0 a.m. · 3 views

PT-2025-45376

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions 1.61.11 and earlier; Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0. Description: Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...

7.5 CVSS · 6.8 AI score · 0.00049 EPSS
Exploits 0 · References 15
CNNVD
added 2022/11/17 12:0 a.m. · 2 views

BKG Professional NtripCaster Access Control Error Vulnerability

BKG Professional NtripCaster is an application organized by the Federal Agency for Cartography and Geodesy in Germany. It allows the distribution of GNSS real-time data streams over the Internet. A security vulnerability exists in BKG Professional NtripCaster version 2.0.39, which originates from...

7.5 CVSS · 7.3 AI score · 0.00423 EPSS
Exploits 0 · References 3
OSV
added 2022/11/10 9:35 p.m. · 15 views

GHSA-3P7G-WRGG-WQ45 GraphQL queries can expose password hashes

Impact: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors. Patches: Affected versions: Ibexa DXP v3.3., v4.2., eZ Platform v2.5. Resolving versions: Ibexa...

7.1 AI score
Exploits 0 · References 4
NVD
added 2022/11/10 9:15 p.m. · 12 views

CVE-2022-41876

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

7.5 CVSS · 0.04165 EPSS
Exploits 1 · References 1
Prion
added 2022/11/10 9:15 p.m. · 14 views

Design/Logic Flaw

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

5 CVSS · 5.3 AI score · 0.04165 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/11/10 12:0 a.m. · 104 views

CVE-2022-41876

CVE-2022-41876 affects ezplatform-graphql (Ibexa DXP and Ibexa Open Source). The vulnerability is caused by insecure storage that allows unauthenticated GraphQL queries to expose user password hashes (typically for admins/editors). Patches exist in Ibexa/DXP versions 2.3.12 and 1.0.13 on the 1.X ...

7.5 CVSS · 5.6 AI score · 0.04165 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/11/10 12:0 a.m. · 15 views

CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

7.5 CVSS · 7.8 AI score · 0.04165 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/11/10 12:0 a.m. · 3 views

PT-2022-28184 · Ez Systems +1 · Ez Platform +1

Name of the Vulnerable Software and Affected Versions: Ibexa DXP versions 3.3. through 3.3.27; Ibexa DXP versions 4.2. through 4.2.2; eZ Platform versions 2.5. through 2.5.30. Description: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

7.4 AI score
Exploits 0 · References 5
OSV
added 2022/11/10 12:0 a.m. · 11 views

CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

7.5 CVSS · 5.5 AI score · 0.04165 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/08/05 4:15 p.m. · 1 view

CVE-2022-2531

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing...

5.3 CVSS · 6 AI score · 0.00663 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2020/10/02 12:0 a.m. · 1 view

PT-2020-15811 · Powerdns +1 · Powerdns Authoritative +2

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative versions prior to 4.3.0 Description: A denial of service issue was discovered when the --enable-experimental-gss-tsig option is used. This allows a remote, unauthenticated attacker to cause a denial of service by sendin...

9.8 CVSS · 5.8 AI score · 0.91828 EPSS
Exploits 0 · References 15