Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.8 views

Neo4j < 5.26.21 Information Disclosure Vulnerability (CVE-2026-1622)

According to its self-reported version number, the version of Neo4j running on the remote host is a version prior to 5.26.21. It is, therefore, affected by a information disclosure vulnerability where The obfuscateliterals option in the query logs does not redact error information, exposing...

4.8CVSS5.5AI score0.00144EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/04 12:31 p.m.8 views

br.com.caelum.vraptor:vraptor-neo4j (=0.9.0), com.brinkus.labs:labs-cloud-starter-neo4j (>=1.2.0 <=1.4.0) +482 more potentially affected by CVE-2026-1622 via org.neo4j:neo4j (>=1.3 <=5.26.20)

org.neo4j:neo4j MAVEN version =1.3, =1.2.0, =1.12.0-M1, =2.0.0, =1.4.0, =1.4.0, =2.1.0, =2.1.0, =1.12.0-M1, =1.2.0, =1.12.0-M1, =1.0.0, =1.0.0, =1.1.4 and more Source cves: CVE-2026-1622 Source advisory: OSV:GHSA-4J3G-RWWQ-4P54...

4.8CVSS5.7AI score0.00144EPSS
Exploits0
OSV
OSV
added 2026/02/04 12:31 p.m.5 views

GHSA-4J3G-RWWQ-4P54 Neo4j Enterprise and Community vulnerable to a potential information disclosure

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

4.8CVSS5.9AI score0.00144EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:14 a.m.6 views

CVE-2026-1622

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

4.8CVSS5.5AI score0.00144EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/01/22 3:16 p.m.8 views

CVE-2025-12738

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

5.3CVSS0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.10 views

CVE-2022-23532

APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

7.1CVSS6.9AI score0.00658EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-7037

Malware in sbrugna...

6.8CVSS6.4AI score0.01253EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0647

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.00889EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/12 12:20 a.m.13 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

7.5CVSS7.2AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 p.m.11 views

CVE-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

9.8CVSS7.9AI score0.13386EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/16 12:0 a.m.9 views

CVE-2023-23926

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...

5.9CVSS7.2AI score0.00889EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 4:38 a.m.8 views

GHSA-X626-Q4V7-7XC6 Neo4J vulnerable to Cross-Site Request Forgery

Multiple cross-site request forgery CSRF vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to 1 db/data/ext/GremlinPlugin/graphdb/executescript or 2 db/manage/server/console/...

9.3CVSS7.7AI score0.01253EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2021/09/01 6:31 p.m.5 views

br.com.caelum.vraptor:vraptor-neo4j (=0.9.0), com.brinkus.labs:labs-cloud-starter-neo4j (>=1.2.0 <=1.4.0) +410 more potentially affected by CVE-2021-34371 via org.neo4j:neo4j (>=1.3 <=3.5.0-rc01)

org.neo4j:neo4j MAVEN version =1.3, =1.2.0, =1.4.0, =1.4.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0, =1.2.0, =1.2.0, =1.6.0-RC1 and more Source cves: CVE-2021-34371 Source advisory: OSV:GHSA-PC4W-8V5J-29W9...

9.8CVSS7.2AI score0.13386EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.6 views

Neo4j 代码问题漏洞

Neo4j is a Java-based and fully ACID-compatible graphical database from Neo4j, Inc. that supports data migration, add-ons, and more. A code issue vulnerability exists in neo4j that originates from an RMI service that arbitrarily deserializes Java objects. An attacker exploiting this vulnerability...

9.8CVSS8.8AI score0.13386EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/30 12:0 a.m.6 views

Neo4j 安全漏洞

Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...

8.8CVSS5.8AI score0.01038EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2018/12/20 10:2 p.m.7 views

com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.6.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.6.0-RC1) +8 more potentially affected by CVE-2018-1000820 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.4.0.3)

org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.6.0-RC1 - io.codekontor.slizaa.extensions:slizaa-extensions-jtype =1.0.0.M3 - io.codekontor.slizaa.extensions:slizaa-extensions-jtype-scanner-apoc =1.0.0.M3 - io.codekontor.slizaa.extensions:slizaa-extensions-neo4j...

10CVSS7.2AI score0.01873EPSS
Exploits0
Rows per page
Query Builder