Lucene search
K

20 matches found

CVE
CVE
added 2026/06/23 8:34 p.m.18 views

CVE-2026-47378

CVE-2026-47378 concerns NocoDB, where before 2026.04.1 public shared-view endpoints could expose hidden-column values through three paths: (1) groupBy could return raw values for any column named in the request, (2) filter and sort arrays operated on hidden columns allowed boolean-blind extractio...

6.9CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:34 p.m.26 views

CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:3 p.m.8 views

GHSA-4W6R-5C2J-QF5F NocoDB: Hidden Column Exposure in Public Shared View Endpoints

Summary Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data...

6.9CVSS5.6AI score0.00239EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:3 p.m.13 views

NocoDB: Hidden Column Exposure in Public Shared View Endpoints

Summary Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data...

6.9CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-46996

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description Public shared-view endpoints expose values from columns that the view owner had hidden through three independent paths. First, the groupBy function returns raw values for any column named in the...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/06/27 1:25 p.m.47 views

CVE-2024-5480

A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

8.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/25 12:0 a.m.30 views

PyTorch < 2.2.2 RCE

The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/06/06 7:16 p.m.21 views

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

8.1AI score
Exploits0References2
CVE
CVE
added 2024/05/03 2:10 p.m.65 views

CVE-2024-3480

The CVE-2024-3480 entry concerns the Motorola framework and an implicit-intent vulnerability that could allow an attacker to read telephony-related data. Details in the provided documents indicate: affected software/component — Motorola framework; vulnerability type — implicit intent leading to d...

2.8CVSS6.6AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:11 a.m.10 views

BIT-MEDIAWIKI-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

4.8CVSS4.8AI score0.00548EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2023/07/03 9:38 a.m.43 views

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

9.8CVSS8.9AI score0.85689EPSS
Exploits10
NVD
NVD
added 2023/05/30 11:15 p.m.15 views

CVE-2023-29728

The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack...

9.8CVSS9.2AI score0.00583EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2021/08/02 12:50 p.m.15 views

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

4.2CVSS4.4AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2021/07/02 1:15 p.m.22 views

CVE-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

4.8CVSS0.00548EPSS
Exploits1References2
Prion
Prion
added 2021/07/02 1:15 p.m.17 views

Cross site scripting

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

3.5CVSS4.8AI score0.00548EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/13 7:40 a.m.29 views

CVE-2021-20331 MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

4.2CVSS5.6AI score0.00623EPSS
Exploits0References1
Veracode
Veracode
added 2020/04/10 1:8 a.m.31 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists through a flaw in the way memory containing security-related data was handled in tpmread could allow a local, unprivileged user to read the results of a previously run TPM command...

2.1CVSS2.5AI score0.00364EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2018/03/21 4:59 p.m.4 views

DRUPAL-CONTRIB-2018-016

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability. This vulnerability is...

6.7AI score
Exploits0References1
NVD
NVD
added 2018/03/06 8:29 p.m.19 views

CVE-2017-15519

Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation...

7.2CVSS7.1AI score0.012EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/11/19 12:0 a.m.24 views

Linksys router vulnerability

SUMMARY: Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management if enabled. AFFECTED PRODUCTS per Linksys support: BEFSR41, BEFSR11, BEFSRU31: firmware versions...

7.3AI score
Exploits0
Rows per page
Query Builder