Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export
Summary: Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact: An...
CVE-2026-33153
Tandoor Recipes prior to version 2.6.0 exposes a hidden query parameter ?debug=true in the Recipe API endpoint that returns the full raw SQL being executed, including table/column names, JOINs, WHERE conditions (revealing access control logic) and multi-tenant space IDs. This parameter remains ava...
EPSON Printer Controller Installer security vulnerability
EPSON Printer Controller Installer is printer driver installation software developed by EPSON, a Japanese company. The EPSON Printer Controller Installer has a security vulnerability, which stems from improper client authentication over the XPC protocol and incorrect execution of the macOS...
EUVD-2024-54674
Malicious code in bioql PyPI...
OpenFGA Authorization Bypass
Overview: OpenFGA v1.9.3 to v1.9.4 (Helm chart openfga-0.2.40 to openfga-0.2.41, Docker v1.9.3 to v1.9.4) is vulnerable to improper policy enforcement when certain Check and ListObjects calls are executed. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.9.3 to...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of authorization policies in the Check and ListObjects processes. Note: Users are affected under the following preconditions: - Check API or ListObjects are called with an authorizatio...
PT-2025-25165 · Unknown · Ws.Stash.App.Mac.Daemon.Helper
Name of the Vulnerable Software and Affected Versions: ws.stash.app.mac.daemon.helper (affected versions not specified). Description: The issue is caused by an incorrect use of macOS's authorization model in the ws.stash.app.mac.daemon.helper tool. Instead of validating the client's authorization...
GHSA-2HM9-H873-PGQH OpenFGA Vulnerable to DoS from circular relationship definitions
Overview: OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Am I Affected? Yes, if your store contains an...
CVE-2023-43645 Denial of service from circular relationship definitions in OpenFGA
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's...
The onlySeaport is a single point of failure and a centralization risk
Lines of code. Vulnerability details. Impact: The onlySeaport role holds a lot of power within the system, which can compromise the system's integrity and its permissionless nature. Having a single EOA as onlySeaport is a large centralization risk and a single point of failure. A single private key may b...
OpenFGA vulnerable to denial of service due to circular relationship
Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...
GHSA-HR9R-8PHQ-5X8J OpenFGA vulnerable to denial of service due to circular relationship
Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...
CVE-2023-35933 OpenFGA denial of service due to circular relationship
OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this...
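The OpenFGA advisories above (GHSA-2HM9-H873-PGQH, CVE-2023-43645, GHSA-HR9R-8PHQ-5X8J, CVE-2023-35933) all hinge on the same precondition: an authorization model whose relation definitions refer back to themselves, directly or through other relations. The following is an added example, not code from OpenFGA or from any of the advisories, that reads a model written in the OpenFGA DSL and reports such cycles so a store owner can answer "Am I affected?" before a Check or ListObjects call does it for them. The two models embedded below are constructed for illustration. The parser is deliberately simplified (an assumption, not a description of how OpenFGA parses models): direct assignments in square brackets are dropped, and for a tuple-to-userset `X from Y` only the tupleset relation `Y` on the same type is followed, so cycles that cross types through `from` are not reported.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample (OpenFGA DSL, schema 1.1). viewer refers to editor and
# editor refers back to viewer: a circular relationship definition.
CIRCULAR_MODEL = """
model
  schema 1.1
type user
type document
  relations
    define viewer: [user] or editor
    define editor: [user] or viewer
"""

# Constructed sample with the usual layered shape; no cycle.
ACYCLIC_MODEL = """
model
  schema 1.1
type user
type document
  relations
    define owner: [user]
    define editor: [user] or owner
    define viewer: [user] or editor
"""

# DSL operators that are not relation names.
KEYWORDS = {"or", "and", "but", "not", "from"}


def parse_model(dsl: str) -> Dict[str, Dict[str, Set[str]]]:
    """Return {type: {relation: relations it references on the same type}}.

    Simplified parser (assumption): '[...]' direct assignments are dropped,
    and in 'X from Y' only the tupleset relation Y is kept, since X lives
    on another type.
    """
    graph: Dict[str, Dict[str, Set[str]]] = {}
    current = None
    for raw in dsl.splitlines():
        line = raw.strip()
        if line.startswith("type "):
            current = line.split()[1]
            graph[current] = {}
        elif line.startswith("define ") and current is not None:
            name, _, body = line[len("define "):].partition(":")
            body = re.sub(r"\[[^\]]*\]", " ", body)  # drop direct assignment
            tokens = re.findall(r"[A-Za-z_]\w*", body)
            refs: Set[str] = set()
            for i, tok in enumerate(tokens):
                if tok in KEYWORDS:
                    continue
                if i + 1 < len(tokens) and tokens[i + 1] == "from":
                    continue  # X in 'X from Y' is on another type; skipped
                refs.add(tok)
            graph[current][name.strip()] = refs
    return graph


def find_cycles(graph: Dict[str, Dict[str, Set[str]]]) -> List[Tuple[str, List[str]]]:
    """DFS per type; each cycle is reported once as (type, [r1, r2, ..., r1])."""
    cycles: List[Tuple[str, List[str]]] = []
    for typ, rels in graph.items():
        state: Dict[str, str] = {}  # relation -> "visiting" | "done"
        stack: List[str] = []

        def visit(rel: str) -> None:
            state[rel] = "visiting"
            stack.append(rel)
            for nxt in sorted(rels.get(rel, ())):
                if nxt not in rels:
                    continue  # reference to an undefined relation; not a cycle
                if state.get(nxt) == "visiting":
                    cycles.append((typ, stack[stack.index(nxt):] + [nxt]))
                elif nxt not in state:
                    visit(nxt)
            stack.pop()
            state[rel] = "done"

        for rel in rels:
            if rel not in state:
                visit(rel)
    return cycles


if __name__ == "__main__":
    for label, model in (("circular", CIRCULAR_MODEL), ("acyclic", ACYCLIC_MODEL)):
        print(label, find_cycles(parse_model(model)))
```

A reported cycle means the model matches the pattern the advisories describe and should be rewritten (or the server upgraded past the affected versions) before it is used to serve Check or ListObjects requests; an empty result from this simplified check does not prove the model is safe, because cross-type cycles through `from` are not followed here.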
CVE-2022-39352 OpenFGA Authorization Bypass
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...