Lucene search
+L

75 matches found

github
github
added 3 days ago16 views

Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score
Exploits0References3Affected Software1
cvelist
cvelist
added last week33 views

CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS0.00248EPSS
Exploits0References5
cve
cve
added last week22 views

CVE-2026-55170

OpenFGA Open Source CVE-2026-55170 affects the MySQL datastore when decisions rely on case-sensitive user strings. The tuple, changelog, and authorization_model identifier columns can treat case-distinct values (e.g., user:Alice vs user:alice) as equivalent, potentially causing two distinct check...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References5Affected Software2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-3312

Malware in sbrugna...

9CVSS6.4AI score0.03742EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-3458

Malware in sbrugna...

7.5CVSS7.2AI score0.04852EPSS
Exploits0References23
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28061

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00256EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9316

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00182EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-1061

Malicious code in bioql PyPI...

4.9CVSS5.9AI score0.00581EPSS
Exploits0References5
osv
osv
added 2025/09/23 8:46 a.m.2 views

BIT-MONGODB-2025-3082 User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

5.4CVSS6.8AI score0.00182EPSS
Exploits0References2
nessus
nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-3082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. Th...

5.4CVSS5.5AI score0.00182EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 2:39 a.m.5 views

CVE-2023-23997

Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...

8.8CVSS7AI score0.00256EPSS
Exploits0References1
nessus
nessus
added 2025/04/04 12:0 a.m.6 views

FreeBSD : MongoDB -- Unauthorized access to underlying data (30418b26-107f-11f0-8195-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30418b26-107f-11f0-8195-b42e991fc52e advisory. [email protected] reports: A user authorized to access a view may be able to alter the intended collation...

5.4CVSS5.5AI score0.00182EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/04/03 11:40 a.m.10 views

CVE-2025-3082

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

3.1CVSS7AI score0.00182EPSS
Exploits0References3
nvd
nvd
added 2025/04/01 11:15 a.m.25 views

CVE-2025-3082

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

5.4CVSS0.00182EPSS
Exploits0References1
osv
osv
added 2025/04/01 11:15 a.m.11 views

UBUNTU-CVE-2025-3082

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References3
cvelist
cvelist
added 2025/04/01 11:8 a.m.29 views

CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

3.1CVSS0.00182EPSS
Exploits0References1
osv
osv
added 2025/04/01 11:8 a.m.4 views

CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/04/01 11:8 a.m.8 views

CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

3.1CVSS7AI score0.00182EPSS
Exploits0References1
mongodb
mongodb
added 2025/04/01 8:47 a.m.186 views

User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

5.4CVSS6.9AI score0.00182EPSS
Exploits0References1Affected Software1
freebsd
freebsd
added 2025/04/01 12:0 a.m.11 views

MongoDB -- Unauthorized access to underlying data

[email protected] reports: A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, Mongo...

5.4CVSS7.1AI score0.00182EPSS
Exploits0References1
Rows per page
Query Builder