Lucene search
+L

9 matches found

nvd
nvd
added 2026/06/23 9:16 p.m.11 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.17 views

PT-2026-46996

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description Public shared-view endpoints expose values from columns that the view owner had hidden through three independent paths. First, the groupBy function returns raw values for any column named in the...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.18 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/03 11:33 a.m.3 views

CVE-2025-11598

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS5.4AI score0.00151EPSS
Exploits0References3
redhat
redhat
added 2025/09/02 5:39 a.m.14 views

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

3.1CVSS7AI score0.0022EPSS
Exploits0References5
susecve
susecve
added 2025/02/06 3:48 a.m.5 views

SUSE CVE-2025-23216

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

6.8CVSS6.7AI score0.00458EPSS
Exploits0References3
osv
osv
added 2023/08/25 9:15 p.m.5 views

UBUNTU-CVE-2023-40587

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...

5.3CVSS6AI score0.00632EPSS
Exploits0References7
cnnvd
cnnvd
added 2022/05/18 12:0 a.m.7 views

D-Link DIR816 授权问题漏洞

The D-Link DIR816 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR816L suffers from an Access Control Error vulnerability that stems from improper access control. An unauthenticated attacker could use this vulnerability to gain access to the folders folderview.php and...

7.5CVSS5.6AI score0.38289EPSS
Exploits1References3
osv
osv
added 2022/05/14 1:4 a.m.4 views

GHSA-5HFP-964W-5VGM Improper Limitation of a Pathname to a Restricted Directory in Jenkins

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...

6.5CVSS6.8AI score0.03256EPSS
Exploits0References5
Rows per page
Query Builder