
8 matches found

GithubExploit
added 2026/06/12 2:57 a.m., 67 views

Exploit for CVE-2026-46645

CVE-2026-46645 - SQLAdmin ajax_lookup Authorization Bypass...

CVSS 4.3, AI score 5.7, EPSS 0.00279
Exploits: 1

NVD
added 2026/06/10 11:16 p.m., 9 views

CVE-2026-46645

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

CVSS 4.3, EPSS 0.00279
Exploits: 1, References: 4

EUVD
added 2026/06/10 10:23 p.m., 11 views

EUVD-2026-36168

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

CVSS 4.3, AI score 5.4, EPSS 0.00279
Exploits: 1, References: 4

Vulnrichment
added 2026/06/10 10:23 p.m., 7 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

CVSS 4.3, AI score 5.4, EPSS 0.00279
Exploits: 1, References: 4

CVE
added 2026/06/10 10:23 p.m., 34 views

CVE-2026-46645

SQLAdmin (for SQLAlchemy) contains an authorization bypass in the ajax_lookup endpoint prior to version 0.25.1, where is_accessible() is bypassed, allowing an authenticated user to query a model’s data despite access restrictions. The issue affects ajax_lookup specifically and was mitigated by pa...

CVSS 4.3, AI score 5.4, EPSS 0.00279
Exploits: 1, References: 4

vulnersOsv
added 2026/05/21 9:31 p.m., 5 views

arpakitlib (>=1.9.5 <=1.9.50), blog-coeur (>=0.0.14 <=0.0.19) +8 more potentially affected by CVE-2026-46645 via sqladmin (>=0.13.0 <=0.24.0)

sqladmin PYPI version =0.13.0, =1.9.5, =0.0.14, =0.0.1, =0.0.22, =0.0.1a1, =0.0.1, =0.1.0, =0.1.2, =0.0.21, =0.0.23 Source cves: CVE-2026-46645 Source advisory: OSV:GHSA-54MC-GGHV-4CFJ...

CVSS 4.3, AI score 5.7, EPSS 0.00279
Exploits: 1

OSV
added 2026/05/21 9:31 p.m., 10 views

GHSA-54MC-GGHV-4CFJ SQLAdmin: Authorization Bypass on `ajax_lookup`

Impact: The ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user can still query that model's data through the ajax_lookup endpoint — silently...

CVSS 4.3, AI score 5.8, EPSS 0.00279
Exploits: 1, References: 6

Snyk
added 2026/05/21 9:31 p.m., 7 views

Missing Authorization

Overview: sqladmin is a SQLAlchemy admin for FastAPI and Starlette. Affected versions of this package are vulnerable to Missing Authorization in the ajax_lookup endpoint due to missing enforcement of access control checks. An attacker can access restricted model data by sending requests to the...

CVSS 5.3, AI score 5.3, EPSS 0.00279
Exploits: 1, References: 2