CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3227 matches found

RedhatCVE•added 2026/04/13 7:24 p.m.•0 views

CVE-2026-5724

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Schneier on Security•added 2026/04/13 4:52 p.m.•4 views

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whol...

5.8AI score

Exploits0

Snyk•added 2026/04/10 10:7 p.m.•1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...

6.3CVSS5.8AI score0.00037EPSS

Exploits0References2

Snyk•added 2026/04/10 10:7 p.m.•1 views

Missing Authentication for Critical Function

6.3CVSS5.8AI score0.00037EPSS

Exploits0References2

Snyk•added 2026/04/10 10:7 p.m.•1 views

Missing Authentication for Critical Function

6.3CVSS5.8AI score0.00037EPSS

Exploits0References2

Snyk•added 2026/04/10 10:7 p.m.•1 views

Missing Authentication for Critical Function

6.3CVSS5.8AI score0.00037EPSS

Exploits0References2

Github Security Blog•added 2026/04/10 9:31 p.m.•11 views

Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

6.3CVSS5.8AI score0.00037EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/10 9:31 p.m.•1 views

EUVD-2026-21607

6.3CVSS5.8AI score0.00037EPSS

Exploits0References4

OSV•added 2026/04/10 9:31 p.m.•0 views

GHSA-Q98V-9F9W-F49Q Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

6.3CVSS5.8AI score0.00037EPSS

Exploits0References5

NVD•added 2026/04/10 9:16 p.m.•3 views

CVE-2026-5724

6.3CVSS0.00037EPSS

Exploits0References3

Cvelist•added 2026/04/10 9:6 p.m.•14 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

6.3CVSS0.00037EPSS

Exploits0References3

Vulnrichment•added 2026/04/10 9:6 p.m.•1 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

6.3CVSS5.8AI score0.00037EPSS

Exploits0References3

CVE•added 2026/04/10 9:6 p.m.•13 views

CVE-2026-5724

The CVE-2026-5724 issue is a missing authorization check on the streaming gRPC replication endpoint. The frontend gRPC server’s streaming interceptor chain omits the authorization interceptor, so when ClaimMapper and Authorizer are configured, unary RPCs enforce auth, but the streaming AdminServi...

6.3CVSS5.8AI score0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/04/10 9:6 p.m.•1 views

CVE-2026-5724

6.3CVSS5.8AI score0.00037EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/04/10 12:0 a.m.•3 views

Temporal 安全漏洞

Temporal is an open-source persistence execution platform developed by temporal.io. There is a security vulnerability in temporal, which stems from the fact that the streaming interceptor chain of the frontend gRPC server does not include an authorization interceptor. As a result, when configurin...

6.3CVSS5.9AI score0.00037EPSS

Exploits0References4

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-32045

Name of the Vulnerable Software and Affected Versions Temporal versions affected versions not specified Description The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce...

6.3CVSS5.8AI score0.00037EPSS

Exploits0References8

Github Security Blog•added 2026/04/08 3:4 p.m.•3 views

kcp's cache server is accessible without authentication or authorization checks

Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details The cache server is routed in the pre-mux chain in the shard code. The...

9.1CVSS5.9AI score0.00114EPSS

Exploits1References5Affected Software1

CNNVD•added 2026/04/07 12:0 a.m.•3 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to alpha.90 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in multi-part replication paths, which could allow low-privilege users to bypass...

5.3CVSS5.8AI score0.00034EPSS

Exploits1References1

SUSE CVE•added 2026/04/06 11:24 p.m.•1 views

SUSE CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.7AI score0.00029EPSS

Exploits0References3

OSV•added 2026/04/06 9:26 a.m.•1 views

BIT-MINIO-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version 2026.03.26, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal...

7.1CVSS5.8AI score0.00029EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by