Lucene search
K

242 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2026-39774

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56773

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8CVSS0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 2:38 p.m.34 views

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8CVSS0.00371EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 2:38 p.m.17 views

CVE-2026-56773

CVE-2026-56773 concerns Teable’s v2 REST API controller, where missing @Permissions metadata on ORPC endpoints allows any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases/tables via endpoints like GET /ap...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52778

Name of the Vulnerable Software and Affected Versions Teable affected versions not specified Description The v2 REST API controller lacks @Permissions metadata on ORPC endpoints, which enables authenticated users to bypass authorization checks. This allows unauthorized reading of table schemas,...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51389

Name of the Vulnerable Software and Affected Versions Filament versions prior to 3.3.52 Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description Filament applies Livewire's WithFileUploads trait to components where schemas may contain file upload fields. Certain schemas, suc...

6.5CVSS6AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:45 p.m.20 views

CVE-2019-25761 Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS0.00221EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

6.9CVSS5.7AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 1:27 p.m.6 views

GHSA-Q7CG-457F-VX79 joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas

Impact Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi: - Highest impact: validate called without try/catch in a request handler would cause an unhandled...

5.3CVSS5.3AI score0.00039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48686

Impact Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi: - Highest impact: validate called without try/catch in a request handler would cause an unhandled...

5.3CVSS5.5AI score0.00039EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/06/07 12:0 a.m.20 views

Data Agents under Attack: Vulnerabilities in LLM-Driven Analytical Systems

Data agents integrate LLM-driven reasoning with relational data access, executable analytical tools, and multi-step workflow orchestration, making them increasingly central to enterprise analytics. This integration introduces new security vulnerabilities across data resources, database execution,...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.5AI score0.00395EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.12 views

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations third-party services such as Gmail, Salesforce, or Jira accessed through tool calls whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/29 2:46 p.m.9 views

EUVD-2018-21924

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44062

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware fails to enforce...

7.5CVSS5.8AI score0.00224EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 1:30 p.m.4 views

GHSA-VR35-JM2F-8WG2 Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS5.7AI score0.00436EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/25 4:59 p.m.8 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in JexlContextBuilder. An administrator user with entitlements for Derived Schemas and User read can access other users' passwordHistory, securityAnswer, token, tokenExpireTime, and cipherAlgorithm values via...

5.1CVSS5.8AI score0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 3:0 p.m.14 views

EUVD-2026-31702

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8AI score0.00436EPSS
Exploits0References1
Rows per page
Query Builder