5 matches found
Authorization Bypass Through User-Controlled Key
Overview @withstudiocms/api-spec is an API Specification for StudioCMS Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...
StudioCMS 安全漏洞
StudioCMS is StudioCMS open source a content management system . A denial of service vulnerability exists in StudioCMS. The vulnerability stems from insufficient DELETE /studiocmsapi/dashboard/api-tokens endpoint validation, which can be exploited by an attacker to cause a denial of service...
CVE-2026-28361
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in...
GHSA-P9X3-W98F-7J3Q NocoDB Missing Ownership Validation in MCP Token Operations
Summary The MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. Details McpTokenService.get, regenerateToken, and delete did not filter by fkuserid. The analogous...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from improper...