
2504 matches found

Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22072

Name of the Vulnerable Software and Affected Versions: Bitnami Sealed Secrets (affected versions not specified). Description: Bitnami Sealed Secrets is susceptible to a scope-widening attack during the secret rotation process via the /v1/rotate API endpoint. The rotation handler uses untrusted data fr...

CVSS 9.9 | AI score 6.9 | EPSS 0.22162
Exploits: 68 | References: 140
EUVD
added 2026/02/25 3:51 p.m. | 6 views

EUVD-2026-8681

Plane is an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py lines 579–593 performs a global asset lookup using only the asset ID (pk) via FileAsset.objects.get(id=pk), without verifying that the asset belong...

CVSS 7.1 | AI score 5.5 | EPSS 0.00213
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/25 2:2 a.m. | 3 views

CVE-2026-25135

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

CVSS 4.5 | AI score 5.3 | EPSS 0.00219
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/25 12:0 a.m. | 5 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

CVSS 7.1 | AI score 6 | EPSS 0.00266
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/25 12:0 a.m. | 3 views

PT-2026-21832

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

CVSS 4.5 | AI score 5.3 | EPSS 0.00219
Exploits: 0 | References: 3
OSV
added 2026/02/24 2:16 p.m. | 4 views

CVE-2026-2775

Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 6
OSV
added 2026/02/23 5:23 p.m. | 5 views

CVE-2026-2698

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

CVSS 7.1 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 2
NVD
added 2026/02/23 5:23 p.m. | 5 views

CVE-2026-2698

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

CVSS 7.1 | EPSS 0.00209
Exploits: 0 | References: 2
Cvelist
added 2026/02/23 4:28 p.m. | 23 views

CVE-2026-2698 Improper Access Control

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

CVSS 7.1 | EPSS 0.00209
Exploits: 0 | References: 2
CVE
added 2026/02/23 4:28 p.m. | 12 views

CVE-2026-2698

CVE-2026-2698 is an improper access control vulnerability described across multiple sources as allowing an authenticated user to access areas outside their authorized scope. Connected documents tie the issue to Tenable Security Center (and its 6.8.0 fix) and Red Hat/NVD entries, all noting the sa...

CVSS 7.1 | AI score 5.3 | EPSS 0.00209
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/02/23 4:28 p.m. | 5 views

CVE-2026-2698 Improper Access Control

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

CVSS 7.1 | AI score 5.4 | EPSS 0.00209
Exploits: 0 | References: 2
RedHat Linux
added 2026/02/23 11:43 a.m. | 4 views

grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/23 12:0 a.m. | 6 views

PT-2026-21528

Name of the Vulnerable Software and Affected Versions: versions prior to 2026. Description: An improper access control issue allows authenticated users to access areas outside of their authorized scope. Recommendations: At the moment, there is no information about a newer version that contains a fix...

CVSS 7.1 | AI score 5.2 | EPSS 0.00209
Exploits: 0 | References: 4
CNNVD
added 2026/02/23 12:0 a.m. | 7 views

Tenable Security Center Security Vulnerability

Tenable Security Center is a security center provided by the American company Tenable. There are security vulnerabilities in Tenable Security Center. These vulnerabilities stem from improper access control, which may allow authenticated users to access areas that are beyond their authorized scope...

CVSS 7.1 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 2
OSV
added 2026/02/20 8:41 a.m. | 2 views

BIT-GRAFANA-2026-21721 Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1 | AI score 5.5 | EPSS 0.00388
Exploits: 1 | References: 3
RedHat Linux
added 2026/02/18 12:55 p.m. | 2 views

grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 5
RedHat Linux
added 2026/02/18 11:31 a.m. | 5 views

grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 5
Snyk
added 2026/02/17 9:39 p.m. | 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the /approve command. An attacker can gain unauthorized approval or denial of pending execution requests by sending specially crafted chat messages through a...

CVSS 7.3 | AI score 5.9
Exploits: 0 | References: 3
SUSE CVE
added 2026/02/17 12:24 a.m. | 6 views

SUSE CVE-2026-23137

In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add(). In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for...

CVSS 4.4 | AI score 5.2 | EPSS 0.00107
Exploits: 0 | References: 7
Tenable Nessus
added 2026/02/17 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is...

CVSS 4.7 | AI score 5.7 | EPSS 0.00074
Exploits: 0 | References: 2