Lucene search
K

214 matches found

Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-46219

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.45.2 Description SpiceDB is a database system for managing application permissions. Versions prior to 1.45.2 are susceptible to an issue where a successful response is incorrectly returned from a WriteRelationships...

6.9CVSS6.3AI score0.0024EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0930

Malicious code in bioql PyPI...

9.1CVSS7.3AI score0.00456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0503

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.01472EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1842

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00448EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2914

Malicious code in bioql PyPI...

2.4CVSS7.9AI score0.00307EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-17360

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2059

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00396EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1231

Malicious code in bioql PyPI...

4.3CVSS4.2AI score0.00578EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-1271

Malicious code in bioql PyPI...

8.7CVSS7.8AI score0.00762EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/07/04 2:37 p.m.4 views

SUSE CVE-2025-49011

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

5.3CVSS6.6AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 5:17 p.m.5 views

GO-2025-3744 SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb

SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb...

5.3CVSS7.1AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2025/06/06 9:41 p.m.6 views

GHSA-CWWM-HR97-QFXM SpiceDB checks involving relations with caveats can result in no permission when permission is expected

Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...

3.7CVSS6.9AI score0.00266EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/06 9:41 p.m.20 views

SpiceDB checks involving relations with caveats can result in no permission when permission is expected

Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...

5.3CVSS4AI score0.00266EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/06/06 6:42 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the evaluation of multiple caveated branches in the schema. An attacker can receive a NOPERMISSION response when a HASPERMISSION response is expected by exploiting the incorrect handling of caveats in...

5.3CVSS7AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2025/06/06 6:15 p.m.14 views

CVE-2025-49011

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

5.3CVSS0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/06 5:36 p.m.11 views

CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

3.7CVSS0.00266EPSS
Exploits0References3
OSV
OSV
added 2025/06/06 5:36 p.m.8 views

CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

3.7CVSS6.5AI score0.00266EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/06 5:36 p.m.12 views

CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

3.7CVSS4.5AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2025/06/06 5:36 p.m.64 views

CVE-2025-49011

SpiceDB (v1.44.x) vulnerability: when resolving CheckPermission paths that involve arrows with caveats, the evaluation across multiple caveated branches may incorrectly return NO_PERMISSION instead of PERMISSION. Root cause is in caveats on an arrow’ed relation affecting multi-branch permission c...

5.3CVSS7.1AI score0.00266EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

SpiceDB 安全特征问题漏洞

SpiceDB is a fine-grained permissions database from the Authzed team. A security feature issue vulnerability exists in SpiceDB versions prior to 1.44.2, which stems from a schema evaluation issue involving arrow relationships that could result in an incorrect response...

5.3CVSS6.3AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder