Lucene search
+L

23 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-61836

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS0.00277EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-61836 Directus: Authorization-dependent response served from unsegmented cache key

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS0.00277EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44673

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS6.1AI score0.00277EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-61836

CVE-2026-61836 affects Directus: prior to 12.0.0, the cache-key derivation in api/src/utils/get-cache-key.ts used version, path, query, and accountability.user but omitted authorization context (share, role, roles, admin, app, policies). This allows Directus share tokens and anonymous requests to...

8.6CVSS6.1AI score0.00277EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-61836 Directus: Authorization-dependent response served from unsegmented cache key

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS6.1AI score0.00277EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 8:17 p.m.10 views

CVE-2026-52779

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...

5.4CVSS0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52910

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description An authorization context confusion and Insecure Direct Object Reference IDOR exist within the Calendar and Team Planner modules. A user with management...

5.4CVSS5.8AI score0.00185EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.30 views

CVE-2026-43535

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

8.1CVSS0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.7 views

EUVD-2026-27281

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

7.6CVSS5.9AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.52 views

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

7.6CVSS0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.6 views

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

7.6CVSS5.9AI score0.0022EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:25 a.m.23 views

CVE-2026-43535

OpenClaw (prior to 2026.4.14) contains an authorization context reuse vulnerability in collect-mode queue batches. The flaw lets messages from different senders inherit the final sender’s authorization context, enabling an attacker to drain batches by injecting multiple queued messages and have e...

8.1CVSS5.9AI score0.0022EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.4 views

CVE-2026-43535

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

7.6CVSS5.9AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 11:25 a.m.4 views

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

7.6CVSS6AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-37020

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description An authorization context reuse issue exists in collect-mode queue batches. This allows messages from different senders to inherit the authorization context of the final sender. An attacker can...

7.6CVSS5.8AI score0.0022EPSS
Exploits0References7
OSV
OSV
added 2026/03/25 5:23 p.m.2 views

GHSA-647H-P824-99W7 @grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

8.6CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/01/12 5:39 p.m.6 views

GO-2025-4272 Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server

Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/11 1:44 p.m.5 views

CVE-2025-64686

In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context...

5.3CVSS6.8AI score0.00005EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/10 3:31 p.m.6 views

EUVD-2025-44051

In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context...

3.1CVSS6.3AI score0.00005EPSS
Exploits0References2
NVD
NVD
added 2025/11/10 2:15 p.m.7 views

CVE-2025-64686

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions...

0.00005EPSS
Exploits0
Rows per page
Query Builder