Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 12:7 a.m.18 views

OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 12:7 a.m.6 views

GHSA-83X9-VC3C-HGHC OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...

3.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/01/02 3:26 p.m.5 views

User Impersonation

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to User Impersonation via the access request system. An attacker can obtain elevated privileges and impersonate trusted devices by submitting misleading descriptions,...

8.8CVSS6.8AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/02 3:23 p.m.4 views

Arbitrary Code Injection

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...

8.6CVSS7.9AI score0.00645EPSS
Exploits1References2
Snyk
Snyk
added 2023/02/22 10:31 a.m.8 views

Arbitrary Code Execution

Overview MongoDB.Driver is an Official .NET driver for MongoDB. Affected versions of this package are vulnerable to Arbitrary Code Execution via ObjectSerializer when deserializing a compromised object. Exploiting this vulnerability allows a privileged user to cause arbitrary code execution, whic...

7.2CVSS7.5AI score0.01049EPSS
Exploits0References2
Rows per page
Query Builder