135 matches found
CVE-2026-56781
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...
CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...
CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...
EUVD-2026-40157
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...
CVE-2026-56781
The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...
CVE-2026-41969
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-33888
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
CVE-2026-39857
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...
Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection
We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...
Ablating Safety: Mechanisms for Removing Alignment in Language Models for Security Applications
Safety-aligned language models often refuse cybersecurity requests whose wording resembles misuse, even when the task is authorized and defensive. This makes security evaluation ambiguous: a failed answer may reflect missing capability or refusal-policy intervention. Ablating Safety studies...
CVE-2026-41969
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-41969
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-41969
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-30531
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-41969
Technical details about CVE-2026-41969 are not publicly available in the provided documents. Monitor for updates from official sources.
CVE-2026-41969
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2026-41290
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Fragile bounds check when sampling from image
A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...
Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice
This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...
EUVD-2026-23108
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions...