CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

GHSA-5HH8-Q8HV-FR38 jackson-databind has @JsonView bypass for setterless creator properties

Summary In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInViewactiveView check. A change making SetterlessProperty.isMerging return true routed setterless...

5.3CVSS5.8AI score0.00237EPSS

Exploits0References6

Positive Technologies•added 2026/06/23 12:0 a.m.•10 views

PT-2026-51600

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description In the BeanDeserializer. deserializeUsingPropertyBased function, the active-view @JsonView filter was applied only to creator properties,...

5.3CVSS5.7AI score0.00237EPSS

Exploits0References13

EUVD•added 2026/03/26 6:31 p.m.•5 views

EUVD-2026-16245

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

4.3CVSS5.8AI score0.00231EPSS

Exploits0References2

OSV•added 2026/03/26 6:31 p.m.•3 views

GHSA-MPC7-MM28-F6WQ Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

4.3CVSS5.9AI score0.00231EPSS

Exploits0References3

NVD•added 2026/03/26 5:16 p.m.•10 views

CVE-2026-3115

4.3CVSS0.00231EPSS

Exploits0References1

CVE•added 2026/03/26 4:23 p.m.•18 views

CVE-2026-3115

Mattermost fixes for CVE-2026-3115 affect this product family: versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, and 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs. This allows authenticated guest users to enumerate user IDs outside their visibility ...

4.3CVSS5.8AI score0.00231EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/26 4:23 p.m.•21 views

CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions

4.3CVSS0.00231EPSS

Exploits0References1

ATTACKERKB•added 2026/03/26 4:23 p.m.•2 views

CVE-2026-3115

4.3CVSS5.8AI score0.00231EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/26 4:23 p.m.•2 views

CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions

4.3CVSS5.8AI score0.00231EPSS

Exploits0References1

Positive Technologies•added 2026/03/26 12:0 a.m.•10 views

PT-2026-28424

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.10 Mattermost versions 11.2.x through 11.2.2 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0 Description The application fails to enforce view restrictions when...

4.3CVSS5.8AI score0.00231EPSS

Exploits0References9

OSV•added 2026/03/11 8:49 p.m.•3 views

CVE-2026-32123 OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults formencounter for sensitivity, while group encounters store sensitivity in...

7.7CVSS5.8AI score0.00252EPSS

Exploits1References3

EUVD•added 2026/02/27 9:30 a.m.•9 views

EUVD-2026-9005

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

4.9CVSS5.8AI score0.00307EPSS

Exploits0References5

ATTACKERKB•added 2026/02/27 7:30 a.m.•6 views

CVE-2026-0871

4.9CVSS5.8AI score0.00307EPSS

Exploits0References5

Cvelist•added 2026/02/27 7:30 a.m.•23 views

CVE-2026-0871 Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

4.9CVSS0.00307EPSS

Exploits0References4

Vulnrichment•added 2026/02/27 7:30 a.m.•3 views

CVE-2026-0871 Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

4.9CVSS5.8AI score0.00307EPSS

Exploits0References4

AlpineLinux•added 2026/02/27 7:30 a.m.•3 views

CVE-2026-0871

4.9CVSS5.8AI score0.00307EPSS

Exploits0References4

RedHat Linux•added 2026/02/09 8:37 p.m.•17 views

org.keycloak/keycloak-services: Keycloak: Unauthorized modification of unmanaged user attributes by administrators

4.9CVSS5.8AI score0.00307EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 12:2 a.m.•6 views

CVE-2022-24819

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...

5.3CVSS6.6AI score0.03282EPSS

Exploits1References1

OSV•added 2024/02/20 4:7 p.m.•4 views

SUSE-SU-2024:0550-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.2: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

8CVSS7.8AI score0.01465EPSS

Exploits0References3

OSV•added 2024/02/16 3:4 p.m.•4 views

SUSE-SU-2024:0523-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: Upgrade to 12.18: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

8CVSS7.8AI score0.01465EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by