32 matches found
Improper Authorization
github.com/authzed/spicedb is vulnerable to Improper Authorization. The vulnerability is due to incorrect handling of permission unions referencing the same relation in the LookupResources API, which allows an attacker to bypass expected permission checks by causing incomplete or missing...
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on both sides but one si...
Insecure Inherited Permissions
Overview: Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LookupResources API. An attacker can cause incomplete or missing results to be returned by crafting schemas that define permissions using unions referencing the same relation with different...
EUVD-2021-23039
Malware in sbrugna...
CVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info. There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active i.e...
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
Cyber security for Credit Unions 101
American consumers have two clear yet vastly differing choices when it comes to banking. Many opt for a large-sized national or regional bank. Folks select this option for a variety of reasons, typically due to the vast services and ease of use these powerhouses provide. Roughly 60% of Americans...
australianunions.org.au Cross Site Scripting vulnerability OBB-3770129
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements
We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days. Now the National Credit Union Administration (NCUA) has updated their Cyber Incident Notification Rule, requiring all federally insured Credit Unions to notify the NCUA ...
Session fixation
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
CVE-2021-36436
CVE-2021-36436 concerns Mobicint Backend for Credit Unions v3. The issue enables retrieval of partial email addresses and user-entered information via the forgotten-password endpoint. Connected sources consistently describe leakage through that API call; no explicit exploit details, affected vers...
SUSE CVE-2004-0837
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs...
SUSE CVE-2020-26243
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being...
Crooks Spoofing Credit Unions to Steal Funds and Login Credentials
By Deeba Ahmed. Email security provider Avanan revealed in a Thursday report that a new phishing campaign exploits local credit unions… This is a post from HackRead.com. Read the original post: Crooks Spoofing Credit Unions to Steal Funds and Login Credentials...
australianunions.org.au Cross Site Scripting vulnerability OBB-2342214
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2021-14478 · Nanopb +2
Name of the Vulnerable Software and Affected Versions: Nanopb versions prior to 0.3.9.8 and 0.4.5. Description: Decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a...
DEBIAN-CVE-2020-26243
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being...