4 matches found
CVE-2026-10706
In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...
CVE-2026-10706
CVE-2026-10706 affects Adalo’s no-code app builder (V1 and V2). A platform‑level flaw in the database API allows authenticated users to retrieve full user records from any Adalo application, via dbId enumeration, bypassing ownership checks and enabling cross‑application data exposure. The issue i...
PT-2026-56454
Name of the Vulnerable Software and Affected Versions Adalo versions 1 through 2 Description Attackers can extract complete user records and correlate user behavior across multiple applications through the enumeration of the dbId variable. This occurs because the platform lacks data minimization,...
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...