Lucene search
K

5 matches found

CVE
CVE
added 2026/06/19 7:28 p.m.33 views

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 9:31 p.m.15 views

Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/10 9:31 p.m.1 views

GHSA-Q98V-9F9W-F49Q Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/10 9:6 p.m.3 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 9:6 p.m.24 views

CVE-2026-5724

The CVE-2026-5724 issue is a missing authorization check on the streaming gRPC replication endpoint. The frontend gRPC server’s streaming interceptor chain omits the authorization interceptor, so when ClaimMapper and Authorizer are configured, unary RPCs enforce auth, but the streaming AdminServi...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References3
Rows per page
Query Builder