3 matches found
CVE-2026-59818 etcd: gRPC client listener does not enforce `--client-crl-file` certificate revocation
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...
CVE-2026-53644 FOSSBilling's missing order-state validation allows clients to read and reset API key secrets for non-active orders
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...
Improper Authorization
ethycafides is vulnerable to improper authorization. The vulnerability is due to insufficient scope validation in the OAuth client creation and update endpoints, which allows an attacker or a highly privileged user to escalate privileges to owner-level...