7 matches found
CVE-2026-62233
CVE-2026-62233 affects grav-plugin-api prior to 1.0.6. The issue: createApiKey, generate2fa, and disable2fa endpoints fail to validate super-admin status, allowing non-super api.users.write managers to escalate to super-admin. As described, attackers can mint API keys bound to super-admin account...
CVE-2026-50007
Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...
CVE-2026-50007 Actual: Shared users can perform owner-only file management actions
Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...
PT-2026-56243
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...
CLSA-2026-1779101894 opensc: Fix of CVE-2023-40661
CVE-2023-40661: fix multiple smartcard pkcs15init buffer overflows, underflows and out-of-bounds writes scpkcs15initrmdir, setcoscreatekey, cosmnewfile, cosmcreatekey, scpkcs15getlastupdate, iasecc-sdo, entersafe, epass2003 keygen...
PT-2023-35586 · Git +1 · Opensc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Invalid-free. The crash state involves several function calls, including sc file clear acl entries, sc...
Linux kernel denial of service vulnerability (CNVD-2018-09997)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 4.13.5. A local attacker can exploit this vulnerability with the help of the keyctl command to create...