33 matches found
CVE-2026-44718
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44719
Mathesar (Web app for PostgreSQL) fixed a privilege check vulnerability in versions 0.2.0–0.09.x. Endpoints such as collaborators.list, tables.metadata.list, explorations.list, and forms.list accepted a database_id without verifying that the requester was a collaborator, allowing an authenticated...
EUVD-2026-30589
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718
Mathesar prior to 0.10.0 contains an access control flaw: from 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user is a collaborator on the exploration’s database. An authenticated user on ...
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
PT-2026-41351
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration id without verifying that the requesting user was a collaborator on the...
CVE-2024-25042
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting XSS. A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations...
PT-2024-20715 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue is related to a Cross Site Scripting XSS vulnerability due to improper validation of column headings in Cognos...
oceanexplorations.com XSS vulnerability
Vulnerable URL: http://oceanexplorations.com/bh.php?dm=homero.com.mx";;alert'OPENBUGBOUNTY';function zif0// Details: Description| Value ---|--- Patched:| Yes, at 16.07.2016 Latest check for patch:| 16.07.2016 05:58 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
Broken IBM Java Patch Disclosure
Update For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in...
Emergency Java Patch Re-Issued for 2013 Vulnerability
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...
Broken 2013 Java Patch Leads to Sandbox Bypass
Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish...
Google App Engine for Java Security Vulnerabilities
A tweak carried out by Google in the Google App Engine for Java continues to stir up security concerns. Oracle this week patched the latest vulnerability in Java SE-the flaw also lives in Google’s platform-as-a-service entry-after it was privately disclosed by Java bug-hunters from Security...
Google App Engine Java Vulnerabilities Disclosed
A Polish research group claims there are still several outstanding vulnerabilities in Google App Engines for Java, including three complete Java sandbox escapes. After three weeks of radio silence from Google, it decided to disclose on Friday the vulnerabilities, along with proof of concept code...
Sandbox escapes: Google App Engine GAE in the presence of a 3 0+a sandbox bypass vulnerability-vulnerability warning-the black bar safety net
Security researchers at Google App Engine Google App Engine's Java environment found a large number of high-risk vulnerabilities that an attacker can exploit these vulnerabilities to bypass Google's security sandbox protection. Google App Engine Google App Engine is a Google-managed data centers...
Researchers Divulge 30 Oracle Java Cloud Service Bugs
Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company’s Java Cloud Service platform. Researchers at Security Explorations published two reports, complete with proof of concept codes, explaining 30 different...
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
Hello All, Those concerned about security of Java PaaS Platform as a Service or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle 1 Java Cloud Service 2. Among a total of 28...