Lucene search
K

28 matches found

NVD
NVD
added 2026/06/23 7:17 p.m.8 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS0.00152EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:21 p.m.6 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/23 6:21 p.m.13 views

CVE-2026-55736

CVE-2026-55736 (Ash project) : A logic flaw in Ash allows end-user input to set private action arguments intended to be server-controlled. In non-atomic paths, private arguments are stripped only when the parameter key is an atom; if the key is a string, the private argument remains controllable ...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 6:21 p.m.41 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 6:21 p.m.11 views

EUVD-2026-38570

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:21 p.m.6 views

EEF-CVE-2026-55736 Private action arguments can be set by user input in Ash

Summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/17 6:3 p.m.5 views

EUVD-2025-34884

Ash has authorization bypass when bypass policy condition evaluates to true...

8.6CVSS6.5AI score0.00805EPSS
Exploits0References3
OSV
OSV
added 2025/10/17 1:52 p.m.5 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS5.9AI score0.00805EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/10/17 1:52 p.m.15 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS0.00805EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/10/17 1:52 p.m.4 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS5.5AI score0.00805EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/10/17 1:52 p.m.16 views

CVE-2025-48044

CVE-2025-48044 concerns an authorization bypass in ash-project ash due to a bug in lib/ash/policy/policy.ex (Elixir.Ash.Policy.Policy):expression/2. Affected versions are ash 3.6.3 up to, but not including, 3.7.1 (commit range 79749c... to 8b83efa...). The vulnerability can cause bypass when a by...

8.6CVSS6.6AI score0.00805EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/17 1:52 p.m.3 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS6.6AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2025/10/17 1:52 p.m.4 views

EEF-CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before...

8.6CVSS5.8AI score0.00805EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/13 7:21 a.m.2 views

CVE-2025-48043

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS7AI score0.00464EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 3:57 p.m.4 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS6.6AI score0.00464EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/10 3:57 p.m.11 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS0.00464EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 3:57 p.m.3 views

EEF-CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict\filters/2. This issue affects ash: from pkg:hex/ash...

8.6CVSS6.1AI score0.00464EPSS
Exploits0References4
CVE
CVE
added 2025/10/10 3:57 p.m.12 views

CVE-2025-48043

CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...

8.6CVSS6.6AI score0.00464EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 3:57 p.m.4 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS5.9AI score0.00464EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27096

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00293EPSS
Exploits0References3
Rows per page
Query Builder