CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

PT-2024-40997 · Podofo · Podofo

Name of the Vulnerable Software and Affected Versions: podofo affected versions not specified Description: The issue concerns the validation of encrypt dictionary parameters in PdfEncrypt and the handling of invalid XRef stream entries in PdfXRefStreamParserObject. Additionally, there is a cleanu...