Lucene search
K

11 matches found

GithubExploit
GithubExploit
added 2026/06/12 2:57 a.m.84 views

Exploit for CVE-2026-46645

CVE-2026-46645 - SQLAdmin ajaxlookup Authorization Bypass...

4.3CVSS5.7AI score0.00279EPSS
Exploits1
EUVD
EUVD
added 2026/06/10 10:23 p.m.18 views

EUVD-2026-36168

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References4
CVE
CVE
added 2026/06/10 10:23 p.m.40 views

CVE-2026-46645

SQLAdmin (for SQLAlchemy) contains an authorization bypass in the ajax_lookup endpoint prior to version 0.25.1, where is_accessible() is bypassed, allowing an authenticated user to query a model’s data despite access restrictions. The issue affects ajax_lookup specifically and was mitigated by pa...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/10 10:23 p.m.33 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS0.00279EPSS
Exploits1References4
OSV
OSV
added 2026/06/10 10:23 p.m.3 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS5.9AI score0.00279EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/10 10:23 p.m.8 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

SQLAlchemy Admin 安全漏洞

SQLAlchemy Admin is an open-source SQLAlchemy model management interface tool developed by Smithy HQ. Versions of SQLAlchemy Admin prior to 0.25.1 contained a security vulnerability. This vulnerability stemmed from the ajaxlookup endpoint in the application.py file, which bypassed the isaccessibl...

4.3CVSS5.3AI score0.00279EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/21 9:31 p.m.10 views

Missing Authorization

Overview sqladmin is a SQLAlchemy admin for FastAPI and Starlette Affected versions of this package are vulnerable to Missing Authorization in the ajaxlookup endpoint due to missing enforcement of access control checks. An attacker can access restricted model data by sending requests to the...

5.3CVSS5.3AI score0.00279EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 9:31 p.m.13 views

GHSA-54MC-GGHV-4CFJ SQLAdmin: Authorization Bypass on `ajax_lookup`

Impact The ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user can still query that model's data through the ajaxlookup endpoint — silently...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42694

Name of the Vulnerable Software and Affected Versions SQLAdmin versions prior to 0.25.1 Description The ajax lookup endpoint in application.py bypasses the is accessible access control check enforced by other endpoints. If a developer restricts model access by overriding is accessible, an...

4.3CVSS5.5AI score0.00279EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2019/06/03 12:0 a.m.116 views

Dell KACE System Management Appliance (SMA) XSS / SQL Injection

Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to 9.0.270 PATCH SEC201820180410 Tested on:...

0.8AI score0.12206EPSS
Exploits6
Rows per page
Query Builder