CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

304 matches found

Chainguard•added 2026/05/06 7:17 p.m.•7 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: pgwatch, seaweedfs, ory-kratos, dapr-fips, temporal-fips, gitness, spqr, openbao, ldap2pg, bento-fips, cloudnative-pg-fips, falcosidekick, grafana-fips, openfga-fips, sftpgo-plugin-eventstore, chainloop-control-plane-fips, sqlexporter, chainloop-control-plane,...

9.8CVSS5.8AI score0.00012EPSS

Exploits0

vulnersOsv•added 2026/05/01 9:30 a.m.•1 views

a10-octavia (>=1.0.0 <=2.2.0), gadgetfinder (>=0.0.1 <=1.0.0) +3 more potentially affected by CVE-2026-43001 via keystone (>=15.0.1 <=29.0.1)

keystone PYPI version =15.0.1, =1.0.0, =0.0.1, =0.1.0, =0.1.0, =1.12.0 Source cves: CVE-2026-43001 Source advisory: SNYK:PYTHON-KEYSTONE-16479530...

8.5CVSS5.8AI score0.00018EPSS

Exploits1

RedhatCVE•added 2026/04/28 11:5 a.m.•1 views

CVE-2026-41131

A flaw was found in OpenFGA, an authorization and permission engine. When certain authorization models use conditions with caching enabled, the system can incorrectly generate the same cache key for different requests. This error causes OpenFGA to reuse an outdated authorization decision,...

5CVSS5.2AI score0.00046EPSS

Exploits0References5

Chainguard•added 2026/04/23 7:27 p.m.•5 views

GHSA-J88V-2CHJ-QFWX vulnerabilities

5.8AI score

Exploits0

EUVD•added 2026/04/22 7:43 p.m.•0 views

EUVD-2026-24573

OpenFGA has Improper Policy Enforcement...

5CVSS5.7AI score0.00046EPSS

Exploits0References3

Github Security Blog•added 2026/04/22 7:43 p.m.•3 views

OpenFGA has Improper Policy Enforcement

Description In OpenFGA, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for a subsequent request. Am I Affected? Users are affected if their...

5CVSS5.8AI score0.00046EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/22 7:43 p.m.•1 views

GHSA-57J5-QWP2-VQP6 OpenFGA has Improper Policy Enforcement

5CVSS5.8AI score0.00046EPSS

Exploits0References4

Snyk•added 2026/04/22 1:6 a.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00046EPSS

Exploits0References2

Snyk•added 2026/04/22 1:6 a.m.•1 views

Incorrect Authorization

5CVSS5.4AI score0.00046EPSS

Exploits0References2

Snyk•added 2026/04/22 1:6 a.m.•1 views

Incorrect Authorization

5CVSS5.4AI score0.00046EPSS

Exploits0References2

NVD•added 2026/04/22 12:16 a.m.•0 views

CVE-2026-41131

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

5CVSS0.00046EPSS

Exploits0References2

CNNVD•added 2026/04/22 12:0 a.m.•3 views

OpenFGA 安全漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.14.1 contained a security vulnerability. This vulnerability arises from the use of cache conditions in certain scenarios, which may lead to two different chec...

5CVSS5.8AI score0.00046EPSS

Exploits0References1

CVE•added 2026/04/21 11:38 p.m.•7 views

CVE-2026-41131

CVE-2026-41131 affects OpenFGA prior to version 1.14.1. In scenarios where models use conditions with caching enabled, two distinct check requests can yield the same cache key, causing an earlier cached result to be reused for a later request. Preconditions: the model has relations that rely on c...

5CVSS5.8AI score0.00046EPSS

Exploits0References2Affected Software2

Cvelist•added 2026/04/21 11:38 p.m.•23 views

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

5CVSS0.00046EPSS

Exploits0References2

ATTACKERKB•added 2026/04/21 11:38 p.m.•1 views

CVE-2026-41131

5CVSS5.8AI score0.00046EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/21 11:38 p.m.•1 views

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

5CVSS5.8AI score0.00046EPSS

Exploits0References2

RedhatCVE•added 2026/04/21 5:6 p.m.•1 views

CVE-2026-40293

A flaw was found in OpenFGA, an authorization/permission engine. When OpenFGA is configured to use preshared-key authentication and the built-in playground is enabled and accessible beyond localhost or trusted networks, a remote attacker can exploit this vulnerability. The local server includes t...

7.5CVSS5.7AI score0.00088EPSS

Exploits0References5

Veracode•added 2026/04/20 9:27 a.m.•4 views

Improper Policy Enforcement

github.com/openfga/openfga is vulnerable to improper policy enforcement. The vulnerability is due to inadequate validation during certain Check and ListObject calls, which allows an attacker to bypass authorization controls and gain unauthorized access to resources...

8.8CVSS7.4AI score0.00067EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/17 9:16 p.m.•1 views

CVE-2026-40293

OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground...

6.5CVSS0.00088EPSS

Exploits0References2

Cvelist•added 2026/04/17 8:47 p.m.•18 views

CVE-2026-40293 OpenFGA Playground Preshared Key Exposure

6.5CVSS0.00088EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by