9 matches found
CVE-2026-47279
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...
PT-2026-46996
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description Public shared-view endpoints expose values from columns that the view owner had hidden through three independent paths. First, the groupBy function returns raw values for any column named in the...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
SUSE CVE-2025-23216
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...
UBUNTU-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
D-Link DIR816 授权问题漏洞
The D-Link DIR816 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR816L suffers from an Access Control Error vulnerability that stems from improper access control. An unauthenticated attacker could use this vulnerability to gain access to the folders folderview.php and...
GHSA-5HFP-964W-5VGM Improper Limitation of a Pathname to a Restricted Directory in Jenkins
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...