2078 matches found
CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...
EUVD-2025-208330
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
EUVD-2025-208333
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
OliveTin 代码问题漏洞
OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 300.11.1 had code vulnerabilities. These vulnerabilities stemmed from the lack of server-side session revocation when users log out, allowing attackers to continue authenticating after logging out usin...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
CVE-2025-30413 affects Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497 and Acronis Cyber Protect 17 before build 41186. The issue: credentials are not deleted from the Acronis Agent after plan revocation. Impact per CVSSv3: Confidentiality High, Integrity None, Availa...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2025-11790
The CVE concerns Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) prior to build 41124, where credentials are not deleted after plan revocation. Affected components: the Acronis Agent software. Root cause: data persistence of credentials after revocation is not addressed (per CVE notes)....
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
Cloudfoundry UAA has logic error in the token revocation endpoint implementation
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
Comparison Using Wrong Factors
Overview org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication UAA Server. Affected versions of this package are vulnerable to Comparison Using Wrong Factors due to a logic error in the token revocation endpoint implementation. An attacker can...
EUVD-2026-9877
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
GHSA-6WCW-R64P-QRRW Cloudfoundry UAA has logic error in the token revocation endpoint implementation
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...