8 matches found
Cvelist · added 2026/06/23 8:09 p.m.

CVE-2026-47388 NocoDB: Missing Ownership Check in MCP Attachment Read

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...

CVSS 2.3 · EPSS 0.00209
Exploits 0 · References 1

RedhatCVE · added 2026/06/05 7:36 p.m.

CVE-2026-41704

The AgentClient.handle method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (lines 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_excepti...

CVSS 6.8 · AI score 5.5 · EPSS 0.00083
Exploits 0 · References 1

OSV · added 2026/05/29 10:45 p.m.

GHSA-4X6R-9V57-3GQW praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Summary. Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/{workspaceid}/issues/{issueid}/dependencies and DELETE .../dependencies/{depid} gate access on requireworkspacemember(workspaceid) only, then dispatch to DependencyService calls that take URL/body-supplied issue...

CVSS 8.1 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 2

CVE · added 2026/05/15 9:03 p.m.

CVE-2026-44569

Open WebUI CVE-2026-44569 describes an IDOR in the channel messages management system. Before version 0.6.19, authenticated users could modify or delete any message in channels they can read because message ownership validation was missing in the backend update/delete endpoints, even though the f...

CVSS 7.1 · AI score 5.8 · EPSS 0.00266
Exploits 1 · References 1 · Affected software 1

Positive Technologies · added 2026/02/17 12:00 a.m.
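The praisonai-platform and Open WebUI entries above describe the same defect class: the handler verifies that the caller belongs to the tenant (workspace membership, channel read access) and then trusts the object identifiers supplied in the URL or body without binding them to that tenant or to the caller. The following is an added, hypothetical illustration of that pattern beside its corrected form; it is not code from praisonai-platform, Open WebUI or any other project listed here. The in-memory data model, the identifiers (ws-a, iss-1, msg-1 and so on) and every function name are assumptions made for the demonstration, and the sample records are constructed.

```python
"""Hypothetical example: tenant-membership check alone versus membership plus
object ownership/scoping. Not the code of any project listed on this page."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is not allowed (an HTTP 403 in a real handler)."""


class NotFound(Exception):
    """Object is not in the caller's scope (HTTP 404, so existence is not revealed)."""


@dataclass
class Store:
    """Constructed sample data standing in for the application's database."""
    # workspace_id -> member user ids
    members: dict = field(default_factory=lambda: {"ws-a": {"alice"}, "ws-b": {"bob"}})
    # issue_id -> owning workspace_id
    issues: dict = field(default_factory=lambda: {"iss-1": "ws-a", "iss-2": "ws-a", "iss-9": "ws-b"})
    # dep_id -> (issue_id, depends_on_issue_id)
    deps: dict = field(default_factory=dict)
    # channel_id -> users who may read the channel
    channels: dict = field(default_factory=lambda: {"chan-1": {"alice", "bob"}})
    # message_id -> (channel_id, author)
    messages: dict = field(default_factory=lambda: {"msg-1": ("chan-1", "alice")})


def require_workspace_member(store, workspace_id, user):
    if user not in store.members.get(workspace_id, set()):
        raise Forbidden(f"{user} is not a member of {workspace_id}")


def require_issue_in_workspace(store, issue_id, workspace_id):
    # The check the vulnerable pattern omits: the URL/body-supplied issue id
    # must belong to the workspace the caller was just authorised for.
    if store.issues.get(issue_id) != workspace_id:
        raise NotFound(f"issue {issue_id} not found in {workspace_id}")


def link_dependency_vulnerable(store, user, workspace_id, issue_id, depends_on):
    """Gates on membership only; both issue ids are trusted as supplied."""
    require_workspace_member(store, workspace_id, user)
    dep_id = f"dep-{len(store.deps) + 1}"
    store.deps[dep_id] = (issue_id, depends_on)
    return dep_id


def link_dependency_fixed(store, user, workspace_id, issue_id, depends_on):
    """Membership, then scoping of every object id to that workspace."""
    require_workspace_member(store, workspace_id, user)
    require_issue_in_workspace(store, issue_id, workspace_id)
    require_issue_in_workspace(store, depends_on, workspace_id)
    dep_id = f"dep-{len(store.deps) + 1}"
    store.deps[dep_id] = (issue_id, depends_on)
    return dep_id


def delete_dependency_fixed(store, user, workspace_id, issue_id, dep_id):
    """A dependency may only be deleted through the issue it hangs off."""
    require_workspace_member(store, workspace_id, user)
    require_issue_in_workspace(store, issue_id, workspace_id)
    dep = store.deps.get(dep_id)
    if dep is None or dep[0] != issue_id:
        raise NotFound(f"dependency {dep_id} not found on {issue_id}")
    del store.deps[dep_id]
    return True


def delete_message_fixed(store, user, channel_id, message_id):
    """Read access to a channel is not write access to every message in it."""
    if user not in store.channels.get(channel_id, set()):
        raise Forbidden(f"{user} cannot read {channel_id}")
    msg = store.messages.get(message_id)
    if msg is None or msg[0] != channel_id:
        raise NotFound(f"message {message_id} not found in {channel_id}")
    if msg[1] != user:  # the per-object ownership check
        raise Forbidden(f"{user} does not own {message_id}")
    del store.messages[message_id]
    return True


def outcome(fn, *args):
    """Run a handler and report 'ok' or the name of the exception raised."""
    try:
        fn(*args)
        return "ok"
    except (Forbidden, NotFound) as exc:
        return type(exc).__name__


def demo():
    """bob is a member of ws-b only; iss-1 and msg-1 belong to alice's scope."""
    return {
        # bob links a ws-a issue through ws-b: accepted by the vulnerable handler
        "vuln_cross_workspace_link": outcome(link_dependency_vulnerable, Store(), "bob", "ws-b", "iss-9", "iss-1"),
        "fixed_cross_workspace_link": outcome(link_dependency_fixed, Store(), "bob", "ws-b", "iss-9", "iss-1"),
        "fixed_same_workspace_link": outcome(link_dependency_fixed, Store(), "alice", "ws-a", "iss-1", "iss-2"),
        # bob can read chan-1 but did not write msg-1
        "delete_other_users_message": outcome(delete_message_fixed, Store(), "bob", "chan-1", "msg-1"),
        "delete_own_message": outcome(delete_message_fixed, Store(), "alice", "chan-1", "msg-1"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The scoped lookups raise NotFound rather than Forbidden on purpose: returning 403 for an object the caller merely guessed confirms that the identifier exists, which is itself an enumeration primitive. The same shape applies to the DELETE route, where the dependency id is additionally tied to the issue in the path, not only to the workspace.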

PT-2026-20331

Name of the Vulnerable Software and Affected Versions: Pterodactyl Panel versions prior to 1.12.1. Description: A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...

CVSS 9.2 · AI score 5.5 · EPSS 0.00316
Exploits 0 · References 10

CNNVD · added 2026/01/15 12:00 a.m.

WordPress plugin “Drag and Drop Multiple File Upload for Contact Form” has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 7.4 · AI score 5.8 · EPSS 0.00196
Exploits 0 · References 2

Positive Technologies · added 2023/04/24 12:00 a.m.

PT-2023-16775 · WordPress · Wp Fevents Book

Name of the Vulnerable Software and Affected Versions: WP FEvents Book WordPress plugin versions 0.46 and earlier Description: The issue allows any authenticated user to book, add notes, or cancel bookings on behalf of other users, as the plugin does not ensure that bookings to be updated belong ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00555
Exploits 2 · References 6

Positive Technologies · added 2022/07/06 12:00 a.m.

PT-2022-20551 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.12.2 Description: The issue concerns missing user account ownership checks when performing tasks related to mail attachments in Nextcloud mail, potentially exposing attachments to incorrect system users...

CVSS 5.4 · AI score 4.4 · EPSS 0.00723
Exploits 1 · References 9