Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 5:44 p.m.19 views

Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/16 4:15 a.m.6 views

CVE-2025-13236

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

9.8CVSS5.8AI score0.00289EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.7 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the fact that by directly specifying the ID of a table or view, a malicious user can blindly...

6.5CVSS6.4AI score0.00448EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.6 views

PT-2024-35350 · Nextcloud · Nextcloud Tables

Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.0 Description: The issue allows a malicious user to insert new rows into tables they have no access to by directly specifying the ID of a table or view. Recommendations: For versions prior to 0.8.0,...

6.3CVSS7.1AI score0.00448EPSS
Exploits0References8
Rows per page
Query Builder