CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

NVD•added 2023/04/26 9:15 p.m.•12 views

CVE-2023-30843

Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...

7.4CVSS7.4AI score0.00426EPSS

Exploits0References2

Prion•added 2023/04/26 9:15 p.m.•8 views

Design/Logic Flaw

4CVSS6.4AI score0.00426EPSS

Exploits0References2Affected Software1

OSV•added 2023/04/26 8:32 p.m.•13 views

CVE-2023-30843 Payload's hidden fields can be leaked on readable collections

7.4CVSS6.6AI score0.00426EPSS

Exploits0References4

Cvelist•added 2023/04/26 8:32 p.m.•15 views

CVE-2023-30843 Payload's hidden fields can be leaked on readable collections

7.4CVSS7.6AI score0.00426EPSS

Exploits0References2

Github Security Blog•added 2023/04/26 7:45 p.m.•20 views

Hidden fields can be leaked on readable collections in Payload

Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...

7.4CVSS5.9AI score0.00426EPSS

Exploits0References4Affected Software1

OSV•added 2023/04/26 7:45 p.m.•12 views

GHSA-35JJ-VQCF-F2JF Hidden fields can be leaked on readable collections in Payload

7.4CVSS6.7AI score0.00426EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by