Lucene search
K

28 matches found

OSV
OSV
added 6 days ago3 views

CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS6.1AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56259

Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.17 through 4.15.0-beta3 Description An authenticated tenant user can call the 'POST /api/core/dataset/collection/create/reTrainingCollection' endpoint to persist a datasetId value belonging to another tenant. This results...

6.3CVSS6.1AI score0.00246EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/11 5:5 a.m.13 views

EUVD-2026-36214

The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...

7.5CVSS5.4AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 5:5 a.m.3 views

CVE-2026-41856 Spring GraphQL Annotation Detection Vulnerability

The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...

7.5CVSS5.9AI score0.00352EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.10 views

cve-2026-41856 - HIGH - Spring GraphQL Annotation Detection Vulnerability

cve-2026-41856 - HIGH - Spring GraphQL Annotation Detection Vulnerability...

7.5CVSS6.1AI score0.00352EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.6 views

CVE-2026-4363

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisio...

3.7CVSS5.8AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 3:4 p.m.16 views

CVE-2026-4363

CVE-2026-4363 affects GitLab EE: versions 18.1–before 18.8.7, 18.9–before 18.9.3, and 18.10–before 18.10.1 are impacted due to improper caching of authorization decisions. This could allow an authenticated user to gain unauthorized access to resources. GitLab has released patches; upgrading to 18...

3.7CVSS5.8AI score0.00117EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/15 3:30 p.m.4 views

GHSA-8M3C-C723-H4P4 django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

5.4CVSS7.1AI score0.00143EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.30 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

0.00143EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/08 4:26 p.m.6 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions due to improper URL decoding logic. The pathname validation used for...

6.9CVSS6.9AI score0.00481EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/12/04 3:7 p.m.5 views

org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...

7.5CVSS7.1AI score0.0046EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/10/14 5:59 p.m.4 views

org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...

7.5CVSS7.1AI score0.0046EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29537

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.0046EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/17 3:50 p.m.7 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS5.9AI score0.0046EPSS
Exploits0References5
OSV
OSV
added 2025/09/16 11:15 a.m.3 views

DEBIAN-CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS6.7AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2025/09/16 11:15 a.m.5 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS0.0046EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/09/16 10:15 a.m.6 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS6.7AI score0.0046EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:46 p.m.12 views

CVE-2021-41230

Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make...

8.8CVSS6.7AI score0.00832EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-51216

Name of the Vulnerable Software and Affected Versions allauth-django versions prior to 65.13.0 Description An issue exists in allauth-django where Okta and NetIQ were utilizing the preferred username value as an identifier for third-party provider accounts. This value is mutable and should not be...

5.4CVSS5.8AI score0.00143EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 8 : polkit (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - polkit: Improper handling of user with uid INTMAX leading to authentication bypass CVE-2018-19788 - In...

8AI score0.11483EPSS
Exploits1References2
Rows per page
Query Builder