Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/23 9:17 p.m.5 views

Incorrect Authorization

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 1:55 p.m.10 views

EUVD-2026-37894

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-tim...

6CVSS5.3AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 3:40 p.m.3 views

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS6AI score0.00311EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 6:28 p.m.13 views

CVE-2026-33650

Summary: WWBN AVideo (≤26.0) allows a user with the Videos Moderator permission to perform full video management, including ownership transfer and deletion, despite the permission only enabling publicity changes. Root cause: Permissions::canModerateVideos() is used as the authorization gate for f...

7.6CVSS5.8AI score0.0024EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:17 p.m.10 views

OpenClaw DM pairing-store identities could satisfy group allowlist authorization

Summary DM pairing-store identities were incorrectly eligible for group allowlist authorization checks, enabling cross-context authorization in group message paths. Details In affected versions, group allowlist evaluation could inherit identities from the DM pairing store. A sender approved via D...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/12/30 8:16 p.m.19 views

CVE-2025-14987

CVE-2025-14987 : Temporal server has an Incorrect Authorization flaw when system.enableCrossNamespaceCommands is enabled (default on). The frontend validates RespondWorkflowTaskCompleted for the outer namespace, but the history service executes commands using the namespace embedded in command att...

5.3CVSS6.9AI score0.00358EPSS
Exploits0References3
Rows per page
Query Builder