30 matches found

NVD
added 2026/06/10 10:16 p.m. | 7 views

CVE-2026-46668

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

CVSS 2.3 | EPSS 0.00276
Exploits 0 | References 3

Snyk
added 2026/06/10 10:15 p.m. | 5 views

Incorrect Permission Assignment for Critical Resource

Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

CVSS 3.1 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 2

Cvelist
added 2026/06/10 8:11 p.m. | 28 views

CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

CVSS 2.3 | EPSS 0.00276
Exploits 0 | References 3

Vulnrichment
added 2026/06/10 8:11 p.m. | 4 views

CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

CVSS 2.3 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 3

EUVD
added 2026/06/10 8:11 p.m. | 9 views

EUVD-2026-36122

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

CVSS 2.3 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 3

CVE
added 2026/06/10 8:11 p.m. | 17 views

CVE-2026-46668

The CVE-2026-46668 issue affects SpiceDB releases earlier than v1.52.0, where caveat structures containing nested lists could cause improper cache reuse. Affected versions range from v1.15.0 up to, but not including, v1.52.0. The root cause centers on how nested caveat data is cached, enabling po...

CVSS 2.3 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 3

OSV
added 2026/05/21 8:28 p.m. | 6 views

GHSA-MQCF-GQVG-RMHM SpiceDB: Caveat structures with nested lists can result in improper cache reuse

Impact: Users are impacted if:
- They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b"
- Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

CVSS 2.3 | AI score 5.8 | EPSS 0.00276
Exploits 0 | References 5

CNNVD
added 2026/04/24 12:0 a.m. | 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of dstcache in the seg6 lwtunnel mechanism. This cache shares input and output paths,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00443
Exploits 0 | References 1

ATTACKERKB
added 2026/04/21 11:38 p.m. | 5 views

CVE-2026-41131

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

CVSS 5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 2 views

PT-2026-28515

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.13.1
Description: OpenFGA is a high-performance and flexible authorization/permission engine. Under specific conditions, models using conditions with caching enabled can result in two different check requests produci...

CVSS 5.8 | AI score 5.9 | EPSS 0.00241
Exploits 0 | References 9

OSV
added 2026/01/08 12:21 p.m. | 3 views

SUSE-SU-2026:0066-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect bsc1255731
- CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile bsc1255733
- CVE-2025-14819: Fixed issue where alteration of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00629
Exploits 2 | References 7

SUSE Linux
added 2026/01/08 12:21 p.m. | 2 views

Security update for curl

This update for curl fixes the following issues:
- CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect bsc1255731
- CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile bsc1255733
- CVE-2025-14819: Fixed issue where alteration of...

CVSS 6 | AI score 6.8 | EPSS 0.00629
Exploits 2 | References 12

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-4074

Malicious code in bioql PyPI...

CVSS 2.6 | AI score 4.1 | EPSS 0.00176
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-26502

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.3 | EPSS 0.00426
Exploits 0 | References 2

Cvelist
added 2025/09/03 12:32 p.m. | 14 views

CVE-2025-9901 Libsoup: improper handling of http vary header in libsoup caching

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be...

CVSS 5.9 | EPSS 0.00426
Exploits 0 | References 3

CNNVD
added 2025/09/03 12:0 a.m. | 3 views

Envoy resource management error vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A resource management error vulnerability exists in Envoy versions 1.34.0 through 1.34.4 and 1.35.0, which stems from the presence of post-release reuse in the DNS cache and could result in an abnormal process...

CVSS 7.5 | AI score 6.5 | EPSS 0.0044
Exploits 0 | References 3

RedhatCVE
added 2025/02/09 8:24 p.m. | 9 views

CVE-2025-25183

A flaw was found in the vllm package. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The impact of a collision would be using a cache that was generated using different content...

CVSS 2.6 | AI score 3.4 | EPSS 0.00176
Exploits 0 | References 9

OSV
added 2025/02/07 8:15 p.m. | 3 views

PYSEC-2025-62

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

CVSS 2.6 | AI score 7 | EPSS 0.00176
Exploits 0 | References 3

NVD
added 2025/02/07 8:15 p.m. | 13 views

CVE-2025-25183

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

CVSS 2.6 | EPSS 0.00176
Exploits 0 | References 3

CVE
added 2025/02/07 7:59 p.m. | 283 views

CVE-2025-25183

CVE-2025-25183 affects vLLM (prefix cache) where malicious inputs can trigger Python 3.12’s hash(None) behaving as a predictable constant, enabling hash collisions in the prefix cache. This may allow cache entries created from one prompt to be reused for another, causing unintended behavior in re...

CVSS 2.6 | AI score 6.8 | EPSS 0.00176
Exploits 0 | References 3 | Affected Software 1