4 matches found
StudioCMS has Privilege Escalation via Insecure API Token Generation
Summary: The /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target us...
CVE-2026-30944 StudioCMS Affected by Privilege Escalation via Insecure API Token Generation
StudioCMS is a server-side-rendered, Astro-native, headless content management system. Prior to 0.4.0, the /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...
Linux Distros Unpatched Vulnerability : CVE-2020-13322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy...
Biscuit Data Forgery Vulnerability
Biscuit provides delegated, decentralized, capability-based authorization tokens. A data forgery vulnerability exists in the v1 version of Biscuit that stems from allowing an attacker to create tokens with any access level...