14 matches found
CVE-2025-65111
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
Insecure Inherited Permissions
Overview: Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LookupResources API. An attacker can cause incomplete or missing results to be returned by crafting schemas that define permissions using unions referencing the same relation with different...
GHSA-9M7R-G8HG-X3VR SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
Impact: If your schema includes the following characteristics: (1) you have a permission defined in terms of a union (+); (2) that union references the same relation on both sides, but one side arrows to a different permission. Then you might have missing LookupResources results when checking the...
PT-2025-47815
Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.47.1 Description: SpiceDB is a database system used for managing security-critical application permissions. Versions of SpiceDB prior to 1.47.1 may exhibit incomplete LookupResources results when checking permissions...
EUVD-2024-36691
Malicious code in bioql PyPI...
PT-2024-27583 · Automattic · Newspack Ads
Name of the Vulnerable Software and Affected Versions: Newspack Ads versions 1.47.1 and earlier Description: A Cross Site Scripting XSS issue, specifically a Stored XSS vulnerability, has been identified in Automattic Newspack Ads. This allows for malicious scripts to be stored on the server and...
WordPress plugin Newspack Ads security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Newspack Ads (versions <= 1.47.1)...
PYSEC-2021-436
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
UBUNTU-CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
synapse path traversal vulnerability
Synapse is an application for open federated instant messaging and VoIP. Versions prior to Synapse 1.47.1 contain a path traversal vulnerability that could be exploited by an attacker to bypass the authentication process and download files from a remote server to an arbitrary directory...