26 matches found
GHSA-5CVP-P7P4-MCX9 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the...
PT-2026-41689
Name of the Vulnerable Software and Affected Versions: Neotoma versions 0.6.0 through 0.11.0. Description: Neotoma can treat public reverse-proxied requests as local when the application receives them over a loopback socket and no Bearer token is present. This occurs in deployments behind a reverse...
SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response
Security operations centers (SOCs) are beginning to use large language models (LLMs) as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...
EUVD-2026-8821
Vitess users with backup storage access can write to arbitrary file paths on restore...
CVE-2026-27969
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
Apache HugeGraph-Server Security Vulnerability
Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at Risk
The more critical APIs become, the more sensitive data they carry: identities, payment details, health records, customer preferences, tokens, keys, and more. And this is where organizations face a painful, often invisible problem: To protect APIs, many organizations end up exposing the very data...
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
Every week seems to bring news of another data breach, and it's no surprise why: securing sensitive data has become harder than ever. And it's not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across...
HackerOne: HackerOne Staging uses Production data for testing
Summary: Today I received an email related to smart rewards from HackerOne. This included staging environment details, such as: sender: [email protected] Privacy / Terms links pointing to domain: https://www.enorekcah.com/... This basically tells us that HackerOne is using hacker dat...
AUVESY Versiondog has an unspecified vulnerability (CNVD-2021-82935)
AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. A security vulnerability exists in AUVESY Versiondog that could be exploited by an attacker to rewrite memory anywhere in the affected product...
AUVESY Versiondog Code Issue Vulnerability (CNVD-2021-82930)
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. AUVESY Versiondog has a code issue vulnerability that could be exploited by an attacker to hijack a loaded DLL...
AUVESY Versiondog has an unspecified vulnerability (CNVD-2021-82939)
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog that could be exploited by attackers to extract keys from binaries...
AUVESY Versiondog Out-of-Bounds Reading Vulnerability
An out-of-bounds read vulnerability exists in AUVESY Versiondog, an automated production data and change management software solution from AUVESY Germany, which can be exploited by attackers to specify any offset and read out-of-bounds data...
AUVESY Versiondog has an unspecified vulnerability (CNVD-2021-82927)
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog that could be exploited by an attacker to cause the manipulation and/or deletion of files...
AUVESY Versiondog Input Validation Error Vulnerability
AUVESY Versiondog, an automated production data and change management software solution from AUVESY Germany, is vulnerable to an input validation error that stems from the fact that the affected product's operating system service does not validate any given parameter, which could be exploited by ...
AUVESY Versiondog Resource Management Error Vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A resource management error vulnerability exists in AUVESY Versiondog, which could be exploited by an attacker to cause a use-after-free condition...
AUVESY Versiondog has an unspecified vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which could be exploited by attackers to gain SYSDBA privileges...
AUVESY Versiondog Resource Management Error Vulnerability (CNVD-2021-82931)
AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. A resource management error vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to allocate unlimited memory buffers using API functions...
Microsoft Office Buffer Error Vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A buffer overflow vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to cause a stack overflow...