204 matches found
CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that stems from the utilization of the defVals parameter that can bypass field-level access checks and may result in the insertion of arbitrary data into exclusion fields prohibited by a...
A Critical Analysis of the Medibank Health Data Breach and Differential Privacy Solutions
This paper critically examines the 2022 Medibank health insurance data breach, which exposed sensitive medical records of 9.7 million individuals due to unencrypted storage, centralized access, and the absence of privacy-preserving analytics. To address these vulnerabilities, we propose an...
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
EUVD-2025-36685
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
EUVD-2025-36687
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
CVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148 Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148 Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148
In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are misapplied on object-valued fields. An FLS exclusion (for example ~field) removes the object from the _source in search results, but the object’s child attributes remain accessible to queries, enabling potential ...
CVE-2025-12147 Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
CVE-2025-12147 Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
Floragunn Search Guard FLX 安全漏洞
Floragunn Search Guard FLX is a security component for protecting Elastic Search from Floragunn, Germany. A security vulnerability exists in Floragunn Search Guard FLX 3.1.1 and earlier versions, which stems from improper implementation of field-level security rules for object value fields, which...
PT-2025-44309
Name of the Vulnerable Software and Affected Versions Search Guard FLX versions 3.1.1 and earlier Description Field-Level Security FLS rules are not properly enforced on object-valued fields. When an FLS exclusion rule is applied to a field containing an object, the object is removed from search...
PT-2025-44310
Name of the Vulnerable Software and Affected Versions Search Guard versions 3.1.1 and earlier Description Field Masking FM rules are not properly enforced on fields of type IP IP Address. While the content of these fields is redacted in search results, documents are still returned when searching...
EUVD-2021-1968
Malware in sbrugna...