Lucene search
K

142 matches found

CVE
CVE
added 2026/06/29 5:21 p.m.16 views

CVE-2026-57954

Vulnerability summary (CVE-2026-57954) Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:15 p.m.9 views

CVE-2026-56781

The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 5:15 p.m.9 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 5:15 p.m.1 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS6AI score0.00231EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 5:15 p.m.35 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:49 p.m.10 views

CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

5.3CVSS5.6AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:49 p.m.2 views

CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

5.3CVSS6AI score0.00191EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:49 p.m.30 views

CVE-2026-41837

CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...

5.3CVSS5.6AI score0.00191EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.7 views

cve-2026-41837 - MEDIUM - Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

cve-2026-41837 - MEDIUM - Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys...

5.3CVSS6.1AI score0.00191EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.4AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-45697

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 p.m.18 views

CVE-2026-45697

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS0.00475EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 7:1 p.m.30 views

CVE-2026-45697

Formie (Craft CMS plugin) exposes a pre-authenticated server-side template injection via Hidden fields configured with Default value → Custom. Unauthenticated users could submit crafted values that are evaluated as Twig during submission handling, potentially compromising the Craft site. Affected...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 7:1 p.m.12 views

EUVD-2026-33421

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:1 p.m.11 views

CVE-2026-45697

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/29 7:1 p.m.3 views

CVE-2026-45697 Formie: Pre-authenticated server-side template injection in Hidden fields

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/29 7:1 p.m.37 views

CVE-2026-45697 Formie: Pre-authenticated server-side template injection in Hidden fields

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

9.8CVSS0.00475EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 11:16 a.m.17 views

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42744 WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.17 views

EUVD-2026-32193

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder