Summary
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
References
Related vulnerabilities
- LOW GHSA-97PR-9HGG-3P8R
  parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
- CRITICAL GHSA-CCV6-R384-XP75
  Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
- MEDIUM GHSA-PR33-38XX-6R26
  http4k: `BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default
- MEDIUM GHSA-JR33-MW75-7J8F
  dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
- MEDIUM GHSA-FCW4-WWQM-M8CF
  Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
- HIGH GHSA-JXCW-QP4H-6JFQ
  PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default