Lucene search
K

4 matches found

CVE
CVE
added yesterday8 views

CVE-2026-14645

CVE-2026-14645 : Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the Webhook: Global capability. The product does not validate the destination URL of the configured Webhook: Global before making an outbound HTTP request, enabling a user with the Capability Administratio...

5.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.30 views

CVE-2026-56235 Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 9:7 p.m.59 views

CVE-2026-7891

A vulnerability has been identified in Mendix Runtime All versions. Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead...

9.1CVSS0.00273EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 9:7 p.m.33 views

CVE-2026-7891

The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...

9.1CVSS6AI score0.00273EPSS
Exploits0References3
Rows per page
Query Builder