Lucene search
+L

5 matches found

CVE
CVE
added 2026/07/07 9:29 p.m.16 views

CVE-2026-54698

Hasura CVE-2026-54698 describes a row-level authorization bypass on table computed fields. Before versions 2.49.2 and 2.45.5, a user could use a where clause on a table computed field (returning SETOF some_table) to infer rows that should be filtered for their role according to some_table’s row-l...

6CVSS5.9AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 9:29 p.m.7 views

CVE-2026-54698 Hasura: Row-level authorization bypass on table computed fields

Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...

6CVSS5.9AI score0.0017EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-49574

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.0081EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/08 12:0 a.m.12 views

CVE-2022-46792

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...

6.9AI score0.0081EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.11 views

PT-2022-27980 · Hasura · Hasura Graphql Engine

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 2.10.0 are not affected, but versions from 2.10.0 through 2.15.1 are affected, excluding fixed versions 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. To simplify, the affected versions are: Hasura...

8.8CVSS9AI score0.0081EPSS
Exploits0References9
Rows per page
Query Builder