Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56282 Capgo - Information Disclosure via Unauthenticated /replication Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9CVSS0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.5 views

CVE-2026-56282

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38120

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.26 views

CVE-2026-56282

Capgo before 12.128.2 has an information-disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry (e.g., replication slot names, confirmed_flush_lsn, restart_lsn) and database error messages. Access to this endpoint does not requ...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 10:7 p.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...

6.3CVSS5.8AI score0.00527EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 9:16 p.m.8 views

CVE-2026-5724

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS0.00527EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 9:6 p.m.4 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS6AI score0.00527EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.5 views

PT-2024-27790 · Unknown · Wbsairback

Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through Device Synchronizations at the "/admin/DeviceReplication" API endpoint. This could allow a remote user to execute arbitrar...

6.6CVSS6.8AI score0.00652EPSS
Exploits0References6
Rows per page
Query Builder