Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/06/25 6:3 p.m.22 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS0.0033EPSS
Exploits0References4
osv
osv
added 2026/06/25 6:3 p.m.4 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.7CVSS6AI score0.0033EPSS
Exploits0References7
cve
cve
added 2026/06/25 6:3 p.m.17 views

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
euvd
euvd
added 2026/06/25 6:3 p.m.8 views

EUVD-2026-39517

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
Rows per page
Query Builder