
6 matches found

Source: NVD, added 2026/06/20 4:17 p.m., 17 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

CVSS 6.9, EPSS 0.00274
Exploits: 0, References: 2
Source: EUVD, added 2026/05/12 5:45 p.m., 13 views

EUVD-2026-29728

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5, AI score 6.2, EPSS 0.00228
Exploits: 0, References: 2
Source: Positive Technologies, added 2026/05/11 12:00 a.m., 13 views

PT-2026-39862

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.5. Description: Vaultwarden fails to verify that organization UUID entries in group and collection management are consistent. Specifically, the server does not enforce that a groups users.users organizations uu...

CVSS 8.7, AI score 5.8, EPSS 0.00289
Exploits: 1, References: 5
Source: EUVD, added 2026/05/05 7:12 p.m., 7 views

EUVD-2026-27448

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

CVSS 5.3, AI score 5.8, EPSS 0.0017
Exploits: 0, References: 2
Source: NVD, added 2025/11/07 7:16 p.m., 3 views

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7, EPSS 0.00253
Exploits: 0, References: 3
Source: CVE, added 2025/11/07 6:09 p.m., 15 views

CVE-2025-64431

The CVE-2025-64431 issue concerns Zitadel’s Organization V2Beta API, where IDOR flaws allow an authenticated administrator of one organization to read or modify data of other organizations. Affected versions are Zitadel 4.0.0-rc.1 through 4.6.2. The root cause is improper authorization checks acr...

CVSS 8.7, AI score 6.2, EPSS 0.00253
Exploits: 0, References: 3