3 matches found
CVE-2026-56235 Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions
Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...
CVE-2026-7891
The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...
CVE-2026-7891
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...