Lucene search
+L

33 matches found

Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-59889 jackson-databind: @JsonView ypassed for @JsonUnwrapped container properties on deserialization

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS0.00416EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 9:32 p.m.19 views

CVE-2026-54518

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON JavaScript Object Notation data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor...

6.5CVSS5.7AI score0.00211EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 10:16 p.m.10 views

CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS0.00211EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:24 p.m.4 views

GHSA-5HH8-Q8HV-FR38 jackson-databind has @JsonView bypass for setterless creator properties

Summary In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInViewactiveView check. A change making SetterlessProperty.isMerging return true routed setterless...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/23 9:24 p.m.8 views

Incorrect Authorization

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:17 p.m.10 views

GHSA-RCQC-6CW3-H962 jackson-databind has a @JsonView bypass for unwrapped creator parameters

Summary UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults prop.visibleInViewactiveView. The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypasses tha...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 9:2 p.m.9 views

EUVD-2026-38629

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 9:2 p.m.31 views

CVE-2026-54518 jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS0.00211EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:2 p.m.6 views

CVE-2026-54518 jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS6AI score0.00211EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/23 8:47 p.m.35 views

CVE-2026-54517 jackson-databind: @JsonView bypass for setterless creator properties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular...

5.3CVSS0.00237EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 1:55 p.m.8 views

CVE-2026-12527

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-tim...

6CVSS5.3AI score0.00154EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/14 9:24 a.m.126 views

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...

9.8CVSS6.2AI score0.9466EPSS
Exploits23
OSV
OSV
added 2026/02/12 8:39 a.m.4 views

BIT-AIRFLOW-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

6.5CVSS5.4AI score0.00382EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-20033

Malware in sbrugna...

4.3CVSS4.7AI score0.00879EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/05/30 11:57 a.m.154 views

Exploit for Improper Input Validation in Microsoft

🛡️ Moniker Link CVE-2024-21413 Room: Moniker Link C...

9.8CVSS7.7AI score0.9466EPSS
Exploits23
RedhatCVE
RedhatCVE
added 2025/05/23 6:0 a.m.10 views

CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

6.5CVSS6.7AI score0.00745EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.9 views

PT-2024-23108 · Silverstripe · Silverstripe/Reports

Name of the Vulnerable Software and Affected Versions: silverstripe/reports versions prior to 5.2.3 Description: The issue allows reports to be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView method for that report returns false...

5.3CVSS6.8AI score0.00404EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/06/04 9:29 a.m.27 views

CVE-2023-46630 WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability

Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...

7.5CVSS7AI score0.00447EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 9:29 a.m.47 views

CVE-2023-46630 WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability

Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...

7.5CVSS7.6AI score0.00447EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/05/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-21413

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode...

9.8CVSS7.4AI score0.9466EPSS
Exploits23References1
Rows per page
Query Builder