78 matches found
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...
PT-2026-48811
The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...
High-Precision APT Malware Attribution with Out-Of-Scope Resilience
Early attribution of Advanced Persistent Threat APT activity can help defenders prioritise investigation, select countermeasures, and reduce the impact of an intrusion. Malware provides useful attribution evidence, but automated APT malware attribution remains difficult in practice. Existing...
CVE-2026-45718
Budibase (open-source low-code platform) fixed in 3.38.1 a vulnerability in the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger). Before 3.38.1, the endpoint did not validate that the provided rowId was within the view’s filters, allowing a user with access to a ...
CVE-2026-45718 Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...
CVE-2026-45718 Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: Fixed the use of an array that was used outside of its scope in crct10difarch. Fixed a silly bug where an array was used beyond its scope...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64/crc-t10dif: Fixed the use of an array that was used outside of its scope in crct10difarch. Fixed a silly bug where an array was used beyond its scope...
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...
Advanced-AI-Recon-and-Exploit-Framework
reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner...
CVE-2026-5374
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
GO-2026-4781 Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju
Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju...
GO-2026-4777 Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju
Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju...
GHSA-439W-V2P7-PGGC Juju has unauthorized access to out-of-scope Kubernetes secrets
Summary Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...
SUSE CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out-of-scope containers for example, env=prod on the same agen...
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...
CVE-2026-24740
CVE-2026-24740 summary (Dozzle) : Dozzle’s agent-backed shell endpoints permit a user restricted by a per-user label filter (for example, label=env=dev) to obtain an interactive root shell in containers outside the user’s label scope (for example, env=prod) on the same agent host. The root cause ...
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...