Vulnerabilities in YugabyteDB Inc
6 results

CVE-2025-8862 | HIGH | YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigat | EPSS 0.3%
CVE-2025-8866 | MEDIUM | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attack | EPSS 0.3%
CVE-2025-8863 | HIGH | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission | EPSS 0.2%
CVE-2026-1966 | LOW | YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI | EPSS 0.2%
CVE-2025-8864 | MEDIUM | Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs | EPSS 0.2%
CVE-2025-8865 | MEDIUM | The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain | EPSS 0.1%