Lucene search

3 matches found

RedhatCVE
added 2026/05/08 11:24 a.m. | 4 views

CVE-2026-33420

A flaw was found in Vaultwarden. A Manager-role user with limited access permissions can exploit a missing authorization check in the getorgcollectionsdetails endpoint. This vulnerability allows the user to retrieve sensitive information, including names, UUIDs, and user and group mappings for al...

CVSS 5.3 | AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 2
OSV
added 2026/03/23 4:28 p.m. | 3 views

CVE-2026-33501 AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00227
Exploits: 1 | References: 5
Microsoft CVE
added 2024/10/15 7:0 a.m. | 2 views

A flaw was found in Samba. The Samba smbd file server must map Windows group identities (SIDs) into Unix group IDs (gids). The code that performs this mapping had a flaw that could allow it to read data beyond the end of the array when a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

...

CVSS 6.8 | AI score 6.8 | EPSS 0.01764
Exploits: 0