Lucene search
15 matches found

EUVD
added 2026/05/27 5:5 p.m. | 8 views

EUVD-2026-32597

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

CVSS 4.2 | AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 2
GitHub Security Blog
added 2026/05/19 4:30 p.m. | 9 views

Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Summary: The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache (TTL: 3600 seconds)...

CVSS 4.2 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/03/19 10:57 p.m. | 2 views

CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

CVSS 5.7 | AI score 5.8 | EPSS 0.0013
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/21 8:28 p.m. | 9 views

CVE-2002-1981

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...

CVSS 5 | AI score 7.5 | EPSS 0.04578
Exploits: 0 | References: 1
Packet Storm
added 2024/08/31 12:0 a.m. | 427 views

Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...

AI score 7.4
Exploits: 0
OpenVAS
added 2020/11/20 12:0 a.m. | 5 views

GaussDB Kernel: PUBLIC Role Should Not Have Any Permissions on the pg_catalog.pg_authid Table

The pg_catalog.pg_authid table contains all system roles. To protect them from being arbitrarily changed, the PUBLIC role is not allowed to have any permissions on this table. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are...

AI score 7.2
Exploits: 0
OpenVAS
added 2020/11/20 12:0 a.m. | 7 views

GaussDB Kernel: PUBLIC Role Should Not Have Permissions on All Objects

All users are attached to the PUBLIC role. Therefore, this role should have the fewest permissions for database security purposes. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

AI score 7.4
Exploits: 0
OpenVAS
added 2020/11/11 12:0 a.m. | 7 views

openGauss: Revoking the CREATE Permission from a User with the PUBLIC Role

A common user can create malicious functions with the same names as system functions if the user has the PUBLIC role. In this way, other users can call these malicious functions by mistake to compromise database security. If the PUBLIC role has the CREATE permission, any user having this role can...

AI score 7.2
Exploits: 0 | References: 1
OpenVAS
added 2020/11/11 12:0 a.m. | 4 views

openGauss: PUBLIC Role Should Not Have Any Permissions on the pg_catalog.pg_authid Table

The pg_catalog.pg_authid table contains all system roles. To protect them from being arbitrarily changed, the PUBLIC role is not allowed to have any permissions on this table. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are...

AI score 7.2
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 sp_MScopyscript stored procedure does not sufficiently validate input before passing it to the xp_cmdshell extended stored procedure. An attacker with the ability to execute a query o...

AI score 7.1
Exploits: 0
Metasploit
added 2012/10/15 6:29 p.m. | 167 views

Microsoft SQL Server NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the supplied credentials to connect to the target SQL Server instance and execute the native "xp_dirtree" or "xp_fileexist" stored procedure. The stored...

AI score 7.4
Exploits: 0
CVE
added 2005/06/28 4:0 a.m. | 53 views

CVE-2002-1981

Microsoft SQL Server 2000 up to SP2 allows the public role to execute the stored procedures sp_MSSetServerProperties and sp_MSsetalertinfo, enabling modification of configuration including startup and alert settings. This CVE description is corroborated across NVD/Red Hat/CVE pages. No explicit e...

CVSS 5 | AI score 7.5 | EPSS 0.04578
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2005/06/28 4:0 a.m. | 20 views

CVE-2002-1981

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...

AI score 7.1 | EPSS 0.04578
Exploits: 0 | References: 4
NVD
added 2002/12/31 5:0 a.m. | 16 views

CVE-2002-1981

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...

CVSS 5 | AI score 7.1 | EPSS 0.04578
Exploits: 0 | References: 4
exploitpack
added 2002/07/25 12:0 a.m. | 12 views

Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection

Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 sp_MScopyscript stored procedure does not sufficiently validate input before passing it to the xp_cmdshell extended stored procedure. An attacker with the abili...

AI score 8.6
Exploits: 0