Lucene search
+L

16 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-59954

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago18 views

CVE-2026-59954

CVE-2026-59954 affects Apollo ConfigService. Before version 2.5.2, when AccessKey or management key authentication is enabled, the service may authorize access to configuration data via non-canonical appId variants that downstream handling resolves to the protected app (including accent-variant a...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-60109

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
OSV
OSV
added 2024/04/24 6:47 p.m.1 views

GHSA-2GR8-3WC7-XHJ3 social-auth-app-django affected by Improper Handling of Case Sensitivity

Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix...

4.9CVSS6.5AI score0.00581EPSS
Exploits0References5
OSV
OSV
added 2024/03/01 4:58 p.m.20 views

GHSA-QW9G-7549-7WG5 Directus has MySQL accent insensitive email matching

Password reset vulnerable to accent confusion The password reset mechanism of the Directus backend is implemented in a way where combined with specific, need to double check if i can work around configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a...

8.2CVSS8.1AI score0.00702EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.3 views

SUSE CVE-2019-2393

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior t...

6.5CVSS6.7AI score0.01233EPSS
Exploits0References3
CNVD
CNVD
added 2020/11/26 12:0 a.m.6 views

Mongodb Server Resource Management Error Vulnerability

Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server that originates from the...

6.5CVSS6.8AI score0.01233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/11/23 10:11 p.m.23 views

CVE-2019-2393

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior t...

6.5CVSS6.3AI score0.01233EPSS
Exploits0References3
Prion
Prion
added 2020/11/23 4:15 p.m.14 views

Design/Logic Flaw

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior t...

4CVSS6.3AI score0.01233EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/11/23 4:15 p.m.23 views

CVE-2019-2393

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior t...

6.5CVSS6.6AI score0.01233EPSS
Exploits0References2
OSV
OSV
added 2020/11/23 4:15 p.m.12 views

UBUNTU-CVE-2019-2393

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior t...

6.5CVSS5.8AI score0.01233EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/11/23 3:30 p.m.23 views

CVE-2019-2393

Removed by vendor...

6.5CVSS6.5AI score0.01233EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.3 views

PT-2020-10893 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.1 MongoDB Server versions prior to 4.0.13 MongoDB Server versions prior to 3.6.15 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...

7.5CVSS5.8AI score0.01655EPSS
Exploits2References29
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.10 views

MongoDB 资源管理错误漏洞

Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server that originates from the...

6.5CVSS6.7AI score0.01233EPSS
Exploits0References3
Citrix
Citrix
added 2019/10/25 12:0 a.m.13 views

FAQ: Recommended database collations for Citrix Products

What are the DB collations supported by different Citrix Products? Product| Collation that ends with ---|--- Virtual Apps and Desktops 7| CIASKS XenApp/Virtual Apps 6.5| CIASKS and CP1CIAS Provisioning 7| CP1CIAS Workspace Environment Management WEM| CIAI Session Recording| CIAS...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/05/17 12:0 a.m.62 views

Freelance Cockpit CRM 3.3.1 SQL Injection

=========================================================================================== Exploit Title: Freelance Cockpit CRM - SQL Inj. Dork: N/A Date: 17-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.freelancecockpit.com/ Software Link: https://www.freelancecockpit.com...

0.2AI score
Exploits0
Rows per page
Query Builder