4 matches found

Github Security Blog
added 2026/05/18 5:44 p.m. · 12 views

Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary: The row action trigger endpoint `POST /api/tables/:sourceId/actions/:actionId/trigger` fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

CVSS 5.4 · AI score 5.9 · EPSS 0.00028
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2025/11/16 4:15 a.m. · 4 views

CVE-2025-13236

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 9.8 · AI score 5.8 · EPSS 0.00027
Exploits: 1 · References: 5
Positive Technologies
added 2024/11/15 12:0 a.m. · 5 views

PT-2024-35350 · Nextcloud · Nextcloud Tables

Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.0 Description: The issue allows a malicious user to insert new rows into tables they have no access to by directly specifying the ID of a table or view. Recommendations: For versions prior to 0.8.0,...

CVSS 6.3 · AI score 7.1 · EPSS 0.00197
Exploits: 0 · References: 8
CNNVD
added 2024/11/15 12:0 a.m. · 4 views

Nextcloud Security Vulnerability

Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A security vulnerability exists in Nextcloud: by directly specifying the ID of a table or view, a malicious user can blindly...

CVSS 6.5 · AI score 6.4 · EPSS 0.00197
Exploits: 0 · References: 4