CVE-2026-33381

A flaw was found in Grafana. When a user's access to mint tokens for a service account is revoked, the system may temporarily allow the user to continue minting tokens for a few seconds. This could lead to a temporary bypass of access control, potentially enabling unauthorized actions if the toke...

SUSE CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the improperly checking the revocation status of the revoked SignatureKey by CA...

PT-2026-42715

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A failure occurred where a revoked SignatureKey belonging to a Certificate Authority CA was not correctly checked for revocation. The issue involves the validati...

GHSA-F76X-F9VJ-92JV NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

PT-2026-42622

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

PT-2026-42618

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

PT-2026-42680

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.4 Description Deleted API tokens continue to authenticate requests until their cache entry expires because the authentication cache is not invalidated by the token value during deletion. The deletion process...

Astra Linux - уязвимость в thunderbird

When importing a revoked key with “key compromise” as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked. As a result, the existing key remained unrevoked. Revocation statements that used another revocation reason, or those that did not specify...

Astra Linux - уязвимость в thunderbird

The OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted emails. As a result, revoked certificates were accepted. This bug affected Thunderbird versions from 68 to 102.9.1. This vulnerability affects Thunderbird versions earlier than 102.10...

Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1655 advisory. A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate...

CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...