Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:13 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)

Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...

8.2CVSS7.6AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2026-22751)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22751. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22751 DESCRIPTION: Vulnerability in Spring Spring Security. Applications that...

4.8CVSS5.2AI score0.00124EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/11 8:28 p.m.6 views

GHSA-8396-JFFM-QX4W OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning

Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...

5CVSS5.5AI score0.00101EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 3:59 p.m.8 views

Server-side Request Forgery (SSRF)

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the shouldBypassProxy function. An attacker can access internal or metadata endpoints by crafting request URLs in...

8.6CVSS5.8AI score0.00889EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.4 views

PT-2023-29711 · Unknown · Artifact Hub

Name of the Vulnerable Software and Affected Versions: Artifact Hub versions prior to 1.16.0 Description: Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. It includes a fine-grained authorization mechanism that...

5.3CVSS7.3AI score0.00519EPSS
Exploits0References13
Rows per page
Query Builder