Lucene search
K

8 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55664 Grist: Insufficient access control in the /forms endpoint exposes table metadata

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-55664

Summary: Grist ≤ 1.7.14 permits reading table/column metadata via GET /forms without enforcing document access rules, potentially exposing widget metadata even in documents with no forms. Impact (as stated): A user with partial read access (including public access on a public document) could reve...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: The issue of using NULL for folio handling in movepageshugepmd has been fixed. movepageshugepmd handles UFFDIOMOVE operations for both normal THPs and huge zero pages. For the huge zero page, srcfolio is explicitly...

7.8CVSS5.1AI score0.00119EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 6:24 p.m.20 views

CVE-2026-44719

Mathesar (Web app for PostgreSQL) fixed a privilege check vulnerability in versions 0.2.0–0.09.x. Endpoints such as collaborators.list, tables.metadata.list, explorations.list, and forms.list accepted a database_id without verifying that the requester was a collaborator, allowing an authenticated...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Mathesar 安全漏洞

Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2018/11/21 10:24 p.m.2 views

GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS6AI score0.01988EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2018/11/21 10:24 p.m.39 views

Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS2.5AI score0.01988EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/11/09 12:0 a.m.6 views

Apache Hive Hive EXPLAIN Query Unauthorized Vulnerability

Apache Hive is a set of Hadoop Distributed Systems Infrastructure based data warehouse software from the Apache Apache Software Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A...

4.3CVSS4.9AI score0.01988EPSS
Exploits0References1
Rows per page
Query Builder