4 matches found
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
PT-2026-33176
Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.2 Description An unauthenticated credential disclosure exists where the '/debug/pprof/cmdline' endpoint is registered on the default mux and accessible without authentication. This exposes the full process command...
The vulnerability of the SpiceDB database, related to deficiencies in the error reporting mechanism, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the SpiceDB database is related to deficiencies in the mechanism for generating error reports when processing the /debug/pprof/cmdline command with the --grpc-preshared-key parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...