Lucene search
K

3 matches found

Cvelist
Cvelist
added 2026/06/22 9:46 p.m.23 views

CVE-2026-48067 Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS0.00178EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 8:26 p.m.7 views

GHSA-7Q3W-XQJW-G3CR Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...

6.5CVSS5.4AI score0.00178EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/11 8:26 p.m.10 views

Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...

6.5CVSS5.4AI score0.00178EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder