Lucene search
K

10 matches found

NVD
NVD
added yesterday4 views

CVE-2026-55771

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals meth...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-55771

CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...

8.8CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41210

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant create and update processes. The application uses Object.assign to copy the request body into the Assistant entity without an explicit field allowlist,...

8.8CVSS5.5AI score0.00335EPSS
Exploits0References8
OSV
OSV
added 2026/01/29 12:46 a.m.6 views

CGA-F3QC-9MW6-MHX6

Bulletin has no description...

5.8AI score
Exploits0
NVD
NVD
added 2025/10/20 4:15 p.m.7 views

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

0.00231EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2025/10/17 1:1 a.m.10 views

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

...

5.5CVSS7AI score0.00213EPSS
Exploits0
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.5 views

ChurchCRM 安全漏洞

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions, which stems from the EID parameter being directly connected to a SQL query without proper cleanup, which is susceptible to SQL injection...

9.3CVSS9.3AI score0.00583EPSS
Exploits1References1
Circl
Circl
added 2024/09/02 1:19 a.m.7 views

CVE-2024-45508

creationtimestamp| type| source ---|---|--- 2024-09-02 01:19:48+00:00| seen| https://t.me/cvedetector/4585...

9.8CVSS8.5AI score0.00706EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.7 views

SUSE CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS8AI score0.01256EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.6 views

Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation

It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority...

4.3CVSS7.2AI score0.01256EPSS
Exploits0References5
Rows per page
Query Builder