Lucene search
K

87 matches found

NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-46668

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS0.00276EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 10:15 p.m.4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

3.1CVSS5.3AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 10:15 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

3.1CVSS5.3AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:11 p.m.7 views

CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 8:11 p.m.10 views

EUVD-2026-36122

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 8:11 p.m.22 views

CVE-2026-46668

The CVE-2026-46668 issue affects SpiceDB releases earlier than v1.52.0, where caveat structures containing nested lists could cause improper cache reuse. Affected versions range from v1.15.0 up to, but not including, v1.52.0. The root cause centers on how nested caveat data is cached, enabling po...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 8:11 p.m.30 views

CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

SpiceDB 授权问题漏洞

SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.15 views

Malicious code in codex-devcontainer-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8248bf278df1e89da484099e912cdf9f8659976469a219bee14a03e2755391ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/23 12:0 a.m.13 views

MAL-2026-4277 Malicious code in dev-env-bootstrapper (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/05/21 8:28 p.m.8 views

GHSA-MQCF-GQVG-RMHM SpiceDB: Caveat structures with nested lists can result in improper cache reuse

Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

2.3CVSS5.8AI score0.00276EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/21 8:28 p.m.11 views

SpiceDB: Caveat structures with nested lists can result in improper cache reuse

Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

2.3CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42636

Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

2.3CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/04/13 3:33 p.m.6 views

MAL-2026-2621 Malicious code in walmart-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4cb99836d95f651dcdf50a02819e299598fbb9e62a702601ce6fa89c3ed6ec0 The package walmart-internal was found to contain malicious code. Source: ghsa-malware 88f5dbf5cfe998f7ad3015cadd6b280accbeb5aadf15cdc7575f4f83a6f572...

5.7AI score
Exploits0References1
MongoDB
MongoDB
added 2026/04/13 3:31 p.m.6 views

bson_validate may skip validation when processing certain inputs

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

7.5CVSS5.2AI score0.00184EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/23 1:47 p.m.7 views

MAL-2026-2100 Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 3:51 p.m.7 views

Malicious code in delta666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8eaa59df9b36fbda7fdbb9f429aa77b3dd4ce913b22d3e1f7991750136306a The package delta666 was found to contain malicious code. Source: ghsa-malware ed1b6c9a5c4e82e4f1f205e90a5ac9c271dccbf998e06ed81199102594e23d0f Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 2:29 p.m.3 views

MAL-2026-1465 Malicious code in hariprasath (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76de996c85f413b2169be46799cbd7dcd1d32a23eb303d0b17ecccae1b10011 The package hariprasath was found to contain malicious code. Source: ghsa-malware df15d2b2f2032416b2715e63515ca04b9bfeb6129516f9fa92d3a633942d07cc An...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/02/11 3:13 p.m.6 views

MAL-2026-859 Malicious code in systemtest-network (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8fadd3f7e7470daeb4e977c85dbe226a9225b2c4eae6c269a4d85fc01e96681 The package systemtest-network was found to contain malicious code. Source: ghsa-malware...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/01/20 3:57 a.m.5 views

MAL-2026-357 Malicious code in chai-bin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70584b6893352163c2a0c5341a2e577feaec7949d8719725a62e0d87e5b1d542 The package chai-bin was found to contain malicious code. Source: ghsa-malware a1636ea6e8016a1000135fcda28819cd75c13f4a95933606b7e792737fe630f0 Any...

5.5AI score
Exploits0References1
Rows per page
Query Builder