630 matches found
GHSA-PX2C-R924-MWCC Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...
CVE-2025-49015
The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...
CVE-2025-49015
The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...
CVE-2025-49015
The CVE-2025-49015 entry concerns the Couchbase .NET SDK (client library) prior to 3.7.1 that does not properly enable hostname verification for TLS certificates, and was configured to use IP addresses instead of hostnames by default. Reported impact is exposure to MITM via TLS misconfig, with co...
Couchbase .NET SDK 安全漏洞
The Couchbase .NET SDK is a software development kit for .NET developers from Couchbase, Inc. A security vulnerability exists in Couchbase .NET SDK versions prior to 3.7.1 that stems from hostname validation not being properly enabled, which could lead to a man-in-the-middle attack...
CVE-2025-49015
The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...
CVE-2025-49015
The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...
PT-2025-26166 · Couchbase · Couchbase .Net Sdk
Name of the Vulnerable Software and Affected Versions: Couchbase .NET SDK versions prior to 3.7.1 Description: The issue concerns the Couchbase .NET SDK's failure to properly enable hostname verification for TLS certificates. Additionally, the SDK was using IP addresses instead of hostnames due t...
SQL Injection
Overview llama-index-vector-stores-couchbase is a LlamaIndex VectorStores Integration: Couchbase Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access ...
com.adobe.api.platform.runtime:mesos-actor (>=0.0.32 <=0.0.33), com.ing.baker:baker-runtime_2.12 (>=3.0.3 <=3.6.3) +104 more potentially affected by CVE-2025-46548 via com.lightbend.akka.management:akka-management_2.12 (>=0.7 <=1.4.1)
com.lightbend.akka.management:akka-management2.12 MAVEN version =0.7, =0.0.32, =3.0.3, =3.6.0, =3.3.0, =0.7, =0.7, =1.1.3, =1.0.6, =2.0.0-M1, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =back-to-core-SNAPSHOT-4 and more Source cves: CVE-2025-46548 Sour...
CVE-2024-23302
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log...
CVE-2024-37034
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value KV service using SCRAM-SHA when remote link encryption is configured for Half-Secure...
CVE-2024-56178
An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the securityadminlocal role can create a new user in a group that has the admin role...
CVE-2024-25673
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...
CVE-2023-49930
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted...
CVE-2023-36667
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal...
CVE-2023-45875
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
CVE-2023-28470
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...
CVE-2023-45874
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...
CVE-2022-32559
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics...