Lucene search
+L

459 matches found

nvd
nvd
•added 2026/07/01 8:17 p.m.•5 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
cve
cve
•added 2026/07/01 7:24 p.m.•29 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
attackerkb
attackerkb
•added 2026/07/01 7:24 p.m.•9 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References2Affected Software3
osv
osv
•added 2026/07/01 7:24 p.m.•4 views

CVE-2026-49858 API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS5.9AI score0.00197EPSS
Exploits0References3
cvelist
cvelist
•added 2026/07/01 7:24 p.m.•37 views

CVE-2026-49858 API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
astralinux
astralinux
•added 2026/06/24 3:11 p.m.•4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: added srng-lock for ath11khalsrng in monitor mode. ath11khalsrng should be used with srng-lock to protect the srng data. For ath11kdprxmondestprocess and ath11kdpfullmonprocessrx, they use ath11khalsrng multiple...

5.5CVSS5.8AI score0.00178EPSS
Exploits0References3
redhatcve
redhatcve
•added 2026/06/06 12:43 p.m.•15 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
nvd
nvd
•added 2026/06/05 11:16 a.m.•13 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS0.00094EPSS
Exploits0References1
attackerkb
attackerkb
•added 2026/06/05 10:15 a.m.•10 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.5AI score0.00094EPSS
Exploits0References2
ptsecurity
ptsecurity
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46233

Name of the Vulnerable Software and Affected Versions API Platform Core versions 2.6.0 through 4.1.28 API Platform Core versions 4.2.0 through 4.2.25 API Platform Core versions 4.3.0 through 4.3.11 Description A missing isCacheKeySafe gate in the JSON:API and HAL item normalizers leads to a...

5.9CVSS5.6AI score0.00197EPSS
Exploits0References10
talosblog
talosblog
•added 2026/02/26 7:0 p.m.•10 views

Henry IV, Hotspur, Hal, and hallucinations

Welcome to this week's edition of the Threat Source newsletter. " 'Tis dangerous to take a cold, to sleep, to drink; but I tell you, my lord fool, out of this nettle, danger, we pluck this flower, safety." - Hotspur, Shakespeare's Henry IV, Part 1: Act 2 Scene 3 I get it. Hotspur is the...

10CVSS6AI score0.57793EPSS
Exploits10
nessus
nessus
•added 2026/01/14 12:0 a.m.•5 views

MiracleLinux 3 : acpid-1.0.4-9.1.1AXS3 (AXSA:2009-429:03)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-429:03 advisory. acpid is a daemon that dispatches ACPI events to user-space programs. Security issues fixed with this release: CVE-2009-4033 No information available at the...

6.9CVSS5.5AI score0.00309EPSS
Exploits1References2
redhatcve
redhatcve
•added 2026/01/09 11:17 a.m.•5 views

CVE-2021-0673

In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326...

7.8CVSS6.7AI score0.00668EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/01/09 11:16 a.m.•12 views

CVE-2021-0540

In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

6.7CVSS7.1AI score0.00117EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/01/09 10:16 a.m.•8 views

CVE-2019-2023

In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8....

7.8CVSS7.2AI score0.00489EPSS
Exploits1References1
redhatcve
redhatcve
•added 2026/01/09 9:14 a.m.•7 views

CVE-2022-23429

An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash...

5.3CVSS6.7AI score0.001EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/01/09 8:44 a.m.•14 views

CVE-2022-23428

An improper boundary check in edenruntime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

8.4CVSS7.1AI score0.00152EPSS
Exploits0References1
redhatcve
redhatcve
•added 2025/11/05 4:14 a.m.•7 views

CVE-2025-27064

Information disclosure while registering commands from clients with diag through diagHal...

6.1CVSS6.9AI score0.00077EPSS
Exploits0References1
cvelist
cvelist
•added 2025/11/04 3:19 a.m.•14 views

CVE-2025-27064 Buffer Over-read in Core Services

Information disclosure while registering commands from clients with diag through diagHal...

6.1CVSS0.00077EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2025/11/04 3:19 a.m.•3 views

CVE-2025-27064 Buffer Over-read in Core Services

Information disclosure while registering commands from clients with diag through diagHal...

6.1CVSS6.5AI score0.00077EPSS
Exploits0References1
Rows per page
Query Builder