Lucene search
K

87123 matches found

Snyk
Snyk
added 2026/04/24 8:20 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debug/vars endpoint, which exposes the process command line including sensitive startup flags. An attacker can gain unauthorized access to admin-only endpoints by retrieving the admin token and replaying it...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 8:20 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debug/vars endpoint, which exposes the process command line including sensitive startup flags. An attacker can gain unauthorized access to admin-only endpoints by retrieving the admin token and replaying it...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2
NVD
NVD
added 2026/04/24 7:17 p.m.9 views

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS0.02187EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/24 6:29 p.m.53 views

CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS0.02187EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 6:29 p.m.5 views

EUVD-2026-25599

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:29 p.m.9 views

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS5.4AI score0.02187EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 6:29 p.m.5 views

CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2
CVE
CVE
added 2026/04/24 6:29 p.m.29 views

CVE-2026-41492

CVE-2026-41492 affects Dgraph Alpha prior to 25.3.3, where the unauthenticated /debug/vars endpoint exposes the process command line and, via the exposed admin token from startup flags, can be replayed in the X-Dgraph-AuthToken header to access admin-only endpoints. The issue is a variant of a pr...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/24 5:16 p.m.4 views

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS0.00254EPSS
Exploits0References3
NVD
NVD
added 2026/04/24 5:16 p.m.3 views

CVE-2026-6912

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS0.00419EPSS
Exploits0References3
NVD
NVD
added 2026/04/24 4:16 p.m.5 views

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS0.0054EPSS
Exploits0References5
OSV
OSV
added 2026/04/24 4:15 p.m.4 views

GHSA-VVF7-6RMR-M29Q Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars

Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...

9.8CVSS5.8AI score0.02187EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/24 4:15 p.m.11 views

Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars

Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...

9.8CVSS5.5AI score0.02187EPSS
Exploits1References4Affected Software3
Vulnrichment
Vulnrichment
added 2026/04/24 4:11 p.m.3 views

CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 4:11 p.m.23 views

CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS0.00419EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:11 p.m.3 views

CVE-2026-6912

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 4:11 p.m.10 views

CVE-2026-6912

The CVE-2026-6912 affects AWS Ops Wheel prior to PR #165, where access to dynamically determined Cognito User Pool attributes can be abused. The root cause is improper control over updates to object attributes, enabling remote authenticated users to escalate to deployment-admin privileges by craf...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 4:11 p.m.5 views

EUVD-2026-25577

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 4:8 p.m.20 views

CVE-2026-6911

The CVE-2026-6911 issue in AWS Ops Wheel involves missing JWT signature verification, enabling unauthenticated attackers to forge tokens and gain administrative access across tenants. The vulnerability affects the API Gateway path used by Ops Wheel, with potential read/modify/delete rights over a...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:8 p.m.5 views

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References4
Rows per page
Query Builder