Lucene search
+L

31 matches found

Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:16 p.m.32 views

CVE-2026-56782

Gorse before 0.5.10 contains an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. When admin_api_key is empty (default configuration), unauthenticated remote attackers can access protected functionality, enabling either exfiltration of the entire database (in...

9.8CVSS5.8AI score0.03016EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39271

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2026/05/06 7:57 p.m.24 views

Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...

5.9AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/18 12:41 a.m.3 views

CVE-2026-35465

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

8.1CVSS6.1AI score0.00995EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/06 5:17 p.m.10 views

CVE-2026-34976

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS0.00452EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 4:12 p.m.2 views

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS5.9AI score0.00452EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 4:12 p.m.22 views

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS0.00452EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 4:12 p.m.33 views

CVE-2026-34976

CVE-2026-34976 affects Dgraph prior to 25.3.1 where the restoreTenant admin mutation is missing from the authorization middleware, allowing an unauthenticated attacker to specify attacker-controlled backup locations (including file://), S3/MinIO credentials, encryption key paths, and Vault IDs. T...

10CVSS5.9AI score0.00452EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/06 4:12 p.m.4 views

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS7.2AI score0.00452EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/02 8:44 p.m.12 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing restoreTenant from the adminMutationMWConfig. An attacker can overwrite the entire database, read arbitrary server-side files, and perform server-side request forgery by sending crafted requests to t...

10CVSS5.9AI score0.00452EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/02 8:44 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing restoreTenant from the adminMutationMWConfig. An attacker can overwrite the entire database, read arbitrary server-side files, and perform server-side request forgery by sending crafted requests to t...

10CVSS5.9AI score0.00452EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/02 8:44 p.m.7 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing restoreTenant from the adminMutationMWConfig. An attacker can overwrite the entire database, read arbitrary server-side files, and perform server-side request forgery by sending crafted requests to t...

10CVSS5.9AI score0.00452EPSS
Exploits1References2
OSV
OSV
added 2026/04/02 8:44 p.m.4 views

GHSA-P5RH-VMHP-GVCW Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score0.00452EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/02 8:44 p.m.5 views

Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score0.00452EPSS
Exploits1References5Affected Software3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score
Exploits0References5
NVD
NVD
added 2026/01/28 12:15 a.m.7 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2CVSS0.00134EPSS
Exploits2References2
Rows per page
Query Builder