Lucene search
K

4 matches found

NVD
NVD
added last week7 views

CVE-2026-10706

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

7.5CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-10706

CVE-2026-10706 affects Adalo’s no-code app builder (V1 and V2). A platform‑level flaw in the database API allows authenticated users to retrieve full user records from any Adalo application, via dbId enumeration, bypassing ownership checks and enabling cross‑application data exposure. The issue i...

7.5CVSS5.9AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56454

Name of the Vulnerable Software and Affected Versions Adalo versions 1 through 2 Description Attackers can extract complete user records and correlate user behavior across multiple applications through the enumeration of the dbId variable. This occurs because the platform lacks data minimization,...

7.5CVSS6AI score0.00303EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.11 views

CVE-2025-65238

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...

0.00293EPSS
Exploits1References3
Rows per page
Query Builder