CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

LangSmith Client SDKs 信息泄露漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...

Critical: Red Hat Security Advisory: Red Hat Developer Hub 1.8.6 release.

Red Hat Developer Hub 1.8.6 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

EUVD-2026-24339

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

CVE-2026-33519

The CVE-2026-33519 entry concerns Esri Portal for ArcGIS versions 11.4–12.0. A flaw in authorization checks allows improper permission validation for developer credentials, enabling misuse of permissions and the potential generation of Portal Administrator tokens by low-privilege users. The issue...

CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

CVE-2026-33518

Esri Portal for ArcGIS 11.5 (Windows and Linux) is affected by an incorrect privilege assignment vulnerability. The issue lets highly privileged users create developer credentials that may grant more privileges than expected. CVSS 3.1 Base Score 9.8 (CRITICAL) with network attack vector, low atta...

CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

CVE-2026-40908

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

EUVD-2026-24286

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

CVE-2026-40908

WWBN AVideo (open source video platform) contains a vulnerability in versions 29.0 and prior where the file at web root, git.json.php, executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes: the exact deployed commit hash (enables version fingerprinting ...

CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...