Lucene search
K

9 matches found

CVE
CVE
added 2026/06/26 2:38 p.m.17 views

CVE-2026-56773

CVE-2026-56773 concerns Teable’s v2 REST API controller, where missing @Permissions metadata on ORPC endpoints allows any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases/tables via endpoints like GET /ap...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 2:38 p.m.4 views

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.7CVSS6AI score0.00371EPSS
Exploits0References6
NVD
NVD
added 2026/05/29 4:16 p.m.16 views

CVE-2018-25391

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

8.7CVSS0.00332EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.32 views

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

8.7CVSS0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.11 views

EUVD-2018-21913

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

8.7CVSS5.9AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44869

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod pengurus/aksi pengurus.php module=pengurus&act=hapus and...

8.7CVSS5.9AI score0.00332EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 1:6 a.m.1 views

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References104
OSV
OSV
added 2021/10/06 8:15 p.m.6 views

CVE-2021-34766

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...

8.8CVSS5.8AI score0.00943EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/10 12:0 a.m.6 views

WordPress Simple Student Result Authentication Bypass Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Simple Student Result plugin is one of the student performance management system plugin . An authentication bypass...

7.5CVSS7.5AI score0.01801EPSS
Exploits2References1
Rows per page
Query Builder