Lucene search
K

1303 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/13 12:0 a.m.5 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

6.4AI score0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/13 12:0 a.m.3 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

6.4AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.7 views

PT-2026-8039

Name of the Vulnerable Software and Affected Versions PrestaShop Advanced Popup Creator module versions 1.1.26 through 1.2.6 Description A SQL Injection issue exists in the Advanced Popup Creator module for PrestaShop. The issue is due to unsanitized data being passed to SQL queries within the...

6.1AI score0.00358EPSS
Exploits0References5
CVE
CVE
added 2026/02/13 12:0 a.m.11 views

CVE-2025-69633

CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...

9.8CVSS6.4AI score0.00358EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/12 2:16 p.m.5 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS5.9AI score0.00785EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/04 6:55 a.m.7 views

Prototype Pollution

nocodb is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-controlled input in the /api/v2/meta/connection/test endpoint, which allows an authenticated attacker with org-level-creator permissions to pollute object prototypes and cause application-wide...

4.9CVSS5.5AI score0.00348EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2026/02/03 5:47 a.m.4 views

WordPress Child Theme Creator by Orbisius plugin <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete vulnerability

Missing Authorization to Authenticated Subscriber+ Cloud Snippet Update/Delete vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Child Theme Creator versions = 1.5.5...

4.3CVSS5.4AI score0.0034EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/29 10:15 p.m.5 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

8.8CVSS0.00523EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/29 9:33 p.m.4 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.5AI score0.00523EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/29 9:33 p.m.26 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS0.00523EPSS
Exploits1References3
OSV
OSV
added 2026/01/29 9:33 p.m.5 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:33 p.m.5 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:20 p.m.8 views

CVE-2026-24766

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5360

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.26.4 Description Budibase is a low code platform used for building internal tools, workflows, and admin panels. A Creator-level user, normally lacking UI permissions to invite users, can manipulate API requests to...

7.1CVSS6AI score0.00523EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/01/28 9:41 p.m.26 views

NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS

Summary An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPERADMIN authorization...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/01/28 8:47 p.m.4 views

Prototype Pollution

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Prototype Pollution via the deepMerge function in utils/dataUtils.ts file. An attacker can cause all database write operations to fail application-wide until the server is restarted by sending crafted requests to this...

6.9CVSS6.5AI score0.00348EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/28 8:27 p.m.4 views

CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:27 p.m.8 views

CVE-2026-24766

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/28 8:27 p.m.9 views

EUVD-2026-4872

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/28 8:27 p.m.27 views

CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS0.00348EPSS
Exploits1References1
Rows per page
Query Builder