1012 matches found
CVE-2026-56239 Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...
CVE-2026-56239
Capgo CVE-2026-56239 affects Capgo before 12.128.2. The vulnerability lies in the public.apply_usage_overage SECURITY DEFINER function, which performs billing operations without validating authorization (no auth.uid(), org membership, or check_min_rights). Because the function runs with the owner...
PT-2026-51222
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A broken row level security RLS policy in the org users table allows authenticated users to elevate their privileges from admin to super admin. This insufficient RLS enforcement enables attackers to...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc version 1.9.12. A heap buffer overflow in the rendertablerow function, located in ps-pdf.cxx, may lead to arbitrary code execution and denial of service...
Astra Linux – Vulnerability in PostgresSQL 11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.26 to 1.6.53, there was an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit, which caused...
Panic on a `DataRow` with fewer fields than columns allows denial of service
A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...
RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service
A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
EUVD-2026-35194
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
CVE-2026-46478
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
PT-2026-47450
Name of the Vulnerable Software and Affected Versions WACRM versions prior to commit 73041bf Description An authorization bypass exists in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants. By providing an arbitrary contact id in th...
CVE-2026-34312
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...
CVE-2026-0085
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-8669
Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...
CVE-2026-40902
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...
NocoDB: Stored Cross-Site Scripting via Row Comments
Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...
GHSA-JF3G-4GWG-4H66 NocoDB: Stored Cross-Site Scripting via Row Comments
Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...
PT-2026-47081
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description An authenticated commenter can store HTML in row comments that executes as a script when other users hover over the comment in the expanded form view. This occurs because comment write paths persi...