6 matches found
CVE-2026-25958
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...
CVE-2026-25958 Cube privilege escalation via a specially crafted request
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...
CVE-2026-25958 Cube privilege escalation via a specially crafted request
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...
CVE-2026-25957
CVE-2026-25957 affects Cube versions from 1.1.17 up to (but not including) 1.5.13 and 1.4.2, where a specially crafted request can make the entire Cube API unavailable. The issue is fixed in 1.5.13 and 1.4.2. Impact is availability disruption; no confidentiality or integrity impact is indicated. ...
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Teradek Slice 7.3.15 - Cross-Site Request Forgery...
EC-CUBE Server-Side Request Forgery Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. A server-side request forgery vulnerability exists in EC-CUBE version 2.12.6en-p1, which can be exploited by remote attacke...