9 matches found
CVE-2026-44719
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...
CVE-2026-44719 Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...
CVE-2026-44719
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...
EUVD-2026-30589
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
Mathesar 安全漏洞
Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...
PT-2026-41351
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration id without verifying that the requesting user was a collaborator on the...
PT-2026-41352
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a database id without verifying that the requesting user was a collaborator on that...
Mathesar 安全漏洞
Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...