CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

CVE-2026-55736

CVE-2026-55736 (Ash project) : A logic flaw in Ash allows end-user input to set private action arguments intended to be server-controlled. In non-atomic paths, private arguments are stripped only when the parameter key is an atom; if the key is a string, the private argument remains controllable ...

5.9CVSS5.8AI score

Exploits0References4

ATTACKERKB•added yesterday•3 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.8AI score

Exploits0References5Affected Software1

EUVD•added yesterday•4 views

EUVD-2026-38570

5.9CVSS5.8AI score

Exploits0References4

EUVD•added 2025/10/17 6:3 p.m.•3 views

EUVD-2025-34884

Ash has authorization bypass when bypass policy condition evaluates to true...

8.6CVSS6.5AI score0.0081EPSS

Exploits0References3

OSV•added 2025/10/17 2:15 p.m.•4 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS7AI score0.0081EPSS

Exploits0References2

CVE•added 2025/10/17 1:52 p.m.•12 views

CVE-2025-48044

CVE-2025-48044 concerns an authorization bypass in ash-project ash due to a bug in lib/ash/policy/policy.ex (Elixir.Ash.Policy.Policy):expression/2. Affected versions are ash 3.6.3 up to, but not including, 3.7.1 (commit range 79749c... to 8b83efa...). The vulnerability can cause bypass when a by...

8.6CVSS6.6AI score0.0081EPSS

Exploits0References4

Cvelist•added 2025/10/17 1:52 p.m.•12 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

8.6CVSS0.0081EPSS

Exploits0References4

ATTACKERKB•added 2025/10/17 1:52 p.m.•4 views

CVE-2025-48044

8.6CVSS5.5AI score0.0081EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2025/10/17 1:52 p.m.•3 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

8.6CVSS6.6AI score0.0081EPSS

Exploits0References4

OSV•added 2025/10/17 1:52 p.m.•2 views

EEF-CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before...

8.6CVSS5.8AI score0.0081EPSS

Exploits0References4

RedhatCVE•added 2025/10/13 7:21 a.m.•2 views

CVE-2025-48043

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS7AI score0.0047EPSS

Exploits0References1

OSV•added 2025/10/10 4:15 p.m.•2 views

CVE-2025-48043

8.6CVSS7AI score0.0047EPSS

Exploits0References2

CVE•added 2025/10/10 3:57 p.m.•8 views

CVE-2025-48043

CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...

8.6CVSS6.6AI score0.0047EPSS

Exploits0References4

Vulnrichment•added 2025/10/10 3:57 p.m.•3 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

8.6CVSS6.6AI score0.0047EPSS

Exploits0References4

Cvelist•added 2025/10/10 3:57 p.m.•6 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

8.6CVSS0.0047EPSS

Exploits0References4

OSV•added 2025/10/10 3:57 p.m.•2 views

EEF-CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@...

8.6CVSS5.8AI score0.0047EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-27096

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00293EPSS

Exploits0References3

OSV•added 2025/09/07 4:15 p.m.•3 views

CVE-2025-48042

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

7.1CVSS7AI score0.00293EPSS

Exploits0References2

Cvelist•added 2025/09/07 4:1 p.m.•8 views

CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

7.1CVSS0.00293EPSS

Exploits0References4

Vulnrichment•added 2025/09/07 4:1 p.m.•2 views

CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

7.1CVSS6.5AI score0.00293EPSS

Exploits0References4

Rows per page