20 matches found
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
Summary Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data...
PT-2026-46996
Summary Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-38935
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-38935
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-38935
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
PT-2026-35457
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-38935
Diskover Community is affected by a reflected XSS in public/view.php via the doctype parameter, impacting versions
EUVD-2026-25890
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
EUVD-2024-24364
Malicious code in bioql PyPI...
CVE-2024-27112
A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...
CVE-2024-27114
A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...
CVE-2024-27114
A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...
CVE-2024-27112
A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
PT-2024-21656 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SO Planning versions prior to 1.52.02 Description: A Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for...
GitLab Access Control Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An access control error vulnerability exists in GitLab CE/EE, which stems from...
The UK’s Secretive Web Surveillance Program Is Ramping Up
A government effort to collect people’s internet records is moving beyond its test phase, but many details remain hidden from public view...
My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. PoC http://www.domain.de/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%2FOPENBUGBOUNTY%2F%3E...