Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.10 views

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 10:16 p.m.31 views

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

6.5CVSS0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:18 p.m.7 views

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

Laravel Nova 5 Toggle Field 授权问题漏洞

Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 4:0 p.m.16 views

GHSA-F5C8-M5VW-RMGQ nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

Impact In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoi...

6.5CVSS5.7AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-37175

Name of the Vulnerable Software and Affected Versions nova-toggle-5 versions prior to 1.3.0 Description The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/resource/resourceId" was protected only by web and auth: middleware. This allowed any user authenticated on the configured guard to fli...

6.5CVSS6AI score0.00201EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/24 12:0 a.m.10 views

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...

5.6AI score
Exploits0References5Affected Software1
Rows per page
Query Builder