1978 matches found
Apache Tomcat Client Certificate Validation Flaw Vulnerability
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat client certificate has a validation flaw vulnerability, the vulnerability is due to allow revoked certificate/test...
GO-2026-4626 Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion in github.com/forceu/gokapi
Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2026-30945
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...
CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...
CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...
CVE-2026-30945
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...
CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...
CVE-2026-30945
CVE-2026-30945 : StudioCMS prior to 0.4.0 exposes an authorization flaw in DELETE /studiocms_api/dashboard/api-tokens. Any authenticated user with editor privileges or above can revoke API tokens for any user (including admin/owner) because tokenID and userID are taken directly from the request w...
PT-2026-24253
Name of the Vulnerable Software and Affected Versions StudioCMS versions prior to 0.4.0 Description StudioCMS is a server-side-rendered, Astro native, headless content management system. The DELETE /studiocms api/dashboard/api-tokens API endpoint, before version 0.4.0, allows authenticated users...
CVE-2026-30825 hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1...
EUVD-2026-10112
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...
EUVD-2025-208330
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
EUVD-2025-208333
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...