CVE-2026-1337
- EPSS 0.01%
- Veröffentlicht 06.02.2026 13:13:19
- Zuletzt bearbeitet 24.02.2026 21:21:55
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but thi...
CVE-2024-34517
- EPSS 0.21%
- Veröffentlicht 07.05.2024 18:15:08
- Zuletzt bearbeitet 21.04.2025 14:12:09
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.
CVE-2021-34371
- EPSS 64.92%
- Veröffentlicht 05.08.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:10:15
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploit...
CVE-2018-18389
- EPSS 0.76%
- Veröffentlicht 16.10.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:55:51
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid usernam...
CVE-2013-7259
- EPSS 0.27%
- Veröffentlicht 29.04.2014 14:38:47
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/gr...