
8 matches found

NVD
added 2026/06/23 9:16 p.m. · 7 views

CVE-2026-46549

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherited...

CVSS 2 · EPSS 0.00151
Exploits 0 · References 1
Cvelist
added 2026/06/23 8:40 p.m. · 29 views

CVE-2026-46549 NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherited...

CVSS 2 · EPSS 0.00151
Exploits 0 · References 1
CVE
added 2026/06/23 8:40 p.m. · 15 views

CVE-2026-46549

CVE-2026-46549 affects NocoDB. Prior to version 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware did not enforce them. This allowed an OAuth token with a restricted scope to inherit the underlying user’s full permissi...

CVSS 2 · AI score 5.9 · EPSS 0.00151
Exploits 0 · References 1
Positive Technologies
added 2026/06/18 12:00 a.m. · 17 views

PT-2026-50719

Name of the Vulnerable Software and Affected Versions: opentelemetry-collector-contrib sentryexporter (affected versions not specified). Description: The Sentry exporter fails to validate the service.name resource attribute when constructing Sentry API URLs. Because this attribute is controlled by...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 4
Snyk
added 2025/11/05 7:52 p.m. · 2 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

CVSS 8.8 · AI score 6.9 · EPSS 0.00253
Exploits 0 · References 2
OSV
added 2024/01/10 6:15 p.m. · 4 views

CVE-2023-48783

An Authorization Bypass Through User-Controlled Key vulnerability CWE-639 affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other...

CVSS 5.4 · AI score 5.8 · EPSS 0.22238
Exploits 0 · References 1
CNNVD
added 2024/01/10 12:00 a.m. · 4 views

Fortinet PortiPortal Security Vulnerability

Fortinet PortiPortal is a cloud-based multi-tenant portal from Fortinet, Inc. for security policy management and analysis. A security vulnerability exists in Fortinet PortiPortal version 7.2.1 and earlier, version 7.0.6 and earlier, version 6.0.14 and earlier, and version 5.3.8. An attacker could...

CVSS 5.4 · AI score 6.7 · EPSS 0.22238
Exploits 0 · References 2
Positive Technologies
added 2024/01/10 12:00 a.m. · 4 views

PT-2024-13651 · Unknown · Portiportal

Name of the Vulnerable Software and Affected Versions: PortiPortal versions 7.2.1 and below; PortiPortal versions 7.0.6 and below; PortiPortal versions 6.0.14 and below; PortiPortal versions 5.3.8 and below. Description: The issue allows a remote authenticated user with at least read-only permissions...

CVSS 5.4 · AI score 5.2 · EPSS 0.22238
Exploits 0 · References 4