CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

150 matches found

RedhatCVE•added 2026/04/03 11:1 p.m.•0 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00025EPSS

Exploits1References1

NVD•added 2026/04/02 6:16 p.m.•1 views

CVE-2026-34593

8.2CVSS0.00025EPSS

Exploits1References2

ATTACKERKB•added 2026/04/02 5:42 p.m.•1 views

CVE-2026-34593

8.2CVSS5.8AI score0.00025EPSS

Exploits1References3Affected Software1

CVE•added 2026/04/02 5:42 p.m.•7 views

CVE-2026-34593

This CVE affects Ash Framework (Elixir) where Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for inputs starting with "Elixir." before module existence is verified. The atom creation can exhaust BEAM’s atom table (default ~1,048,576 entries) and ...

8.2CVSS5.8AI score0.00025EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/02 5:42 p.m.•15 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

8.2CVSS0.00025EPSS

Exploits1References2

Vulnrichment•added 2026/04/02 5:42 p.m.•1 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

8.2CVSS5.8AI score0.00025EPSS

Exploits1References2

CNNVD•added 2026/04/02 12:0 a.m.•4 views

Ash Framework 资源管理错误漏洞

Ash Framework is an open-source framework used for building Elixir applications. Versions of Ash Framework prior to 3.22.0 contained a resource management vulnerability. This vulnerability stems from Ash.Type.Module.castinput/2, which “Elixir.”， thereby creating new Erlang atoms. This could lead ...

8.2CVSS5.8AI score0.00025EPSS

Exploits1References2

OSV•added 2026/04/01 12:14 a.m.•1 views

GHSA-JJF9-W5VJ-R6VP Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00025EPSS

Exploits1References5

RedhatCVE•added 2025/10/20 9:27 p.m.•5 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS7AI score0.00035EPSS

Exploits0References1

EUVD•added 2025/10/17 6:3 p.m.•2 views

EUVD-2025-34884

Ash has authorization bypass when bypass policy condition evaluates to true...

8.6CVSS6.5AI score0.00035EPSS

Exploits0References3

OSV•added 2025/10/17 6:3 p.m.•2 views

GHSA-PCXQ-FJP3-R752 Ash has authorization bypass when bypass policy condition evaluates to true

Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...

8.6CVSS7.3AI score0.00035EPSS

Exploits0References6

NVD•added 2025/10/17 2:15 p.m.•2 views

CVE-2025-48044

8.6CVSS0.00035EPSS

Exploits0References4

OSV•added 2025/10/17 2:15 p.m.•4 views

CVE-2025-48044

8.6CVSS7AI score0.00035EPSS

Exploits0References2

OSV•added 2025/10/17 1:52 p.m.•1 views

EEF-CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before...

8.6CVSS5.8AI score0.00035EPSS

Exploits0References4

Cvelist•added 2025/10/17 1:52 p.m.•10 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

8.6CVSS0.00035EPSS

Exploits0References4

Vulnrichment•added 2025/10/17 1:52 p.m.•2 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

8.6CVSS6.6AI score0.00035EPSS

Exploits0References4

CVE•added 2025/10/17 1:52 p.m.•9 views

CVE-2025-48044

CVE-2025-48044 concerns an authorization bypass in ash-project ash due to a bug in lib/ash/policy/policy.ex (Elixir.Ash.Policy.Policy):expression/2. Affected versions are ash 3.6.3 up to, but not including, 3.7.1 (commit range 79749c... to 8b83efa...). The vulnerability can cause bypass when a by...

8.6CVSS6.6AI score0.00035EPSS

Exploits0References4

ATTACKERKB•added 2025/10/17 1:52 p.m.•4 views

CVE-2025-48044

8.6CVSS5.5AI score0.00035EPSS

Exploits0References3Affected Software1

CNNVD•added 2025/10/17 12:0 a.m.•2 views

Ash Framework 安全漏洞

Ash Framework is an Ash Framework open source framework for building Elixir applications. A security vulnerability exists in Ash Framework version 3.6.3 through versions prior to 3.7.1, which stems from improper authorization and could lead to authentication bypass...

8.6CVSS6.6AI score0.00035EPSS

Exploits0References3

EUVD•added 2025/10/13 1:33 p.m.•3 views

EUVD-2025-33747

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies...

8.6CVSS6.4AI score0.00118EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by