58 matches found

NVD
added 2026/05/13 8:16 p.m. | views: 6

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS: 5.9 | EPSS: 0.00012
Exploits: 0 | References: 1
CVE
added 2026/05/13 7:28 p.m. | views: 18

CVE-2026-33381

Technical details about CVE-2026-33381 are not publicly available in the provided documents. Monitor for updates from Grafana advisories and NVD.

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00012
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/13 7:28 p.m. | views: 4

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/05/12 12:0 a.m. | views: 2

SAP Financial Consolidation Security Vulnerability

SAP Financial Consolidation is a financial reporting solution developed by the German company SAP. This product is primarily used for automating intercompany reconciliations and eliminations, currency conversions, and generating financial reports. There is a security vulnerability in SAP Financia...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/12 12:0 a.m. | views: 6

PT-2026-39929

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 3
CVE
added 2026/04/22 4:8 p.m. | views: 7

CVE-2026-35353

The CVE-2026-35353 entry concerns the mkdir utility in uutils coreutils. The root cause is that, when using -m, it creates the directory with umask-derived permissions (typically 0755) and only afterwards calls chmod to apply the requested mode, creating a brief window where a directory intended ...

CVSS: 3.3 | AI score: 5.7 | EPSS: 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/23 12:0 a.m. | views: 1

PT-2026-27205

Name of the Vulnerable Software and Affected Versions: Blinko versions prior to 1.8.4. Description: The file server endpoint does not validate permissions on the temp/ path and does not filter path traversal sequences, potentially allowing unauthorized access to arbitrary files on the server. If...

CVSS: 8.2 | AI score: 5.4 | EPSS: 0.16712
Exploits: 0 | References: 7
RedhatCVE
added 2026/01/22 10:8 p.m. | views: 7

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00052
Exploits: 0 | References: 1
CVE
added 2026/01/21 9:38 p.m. | views: 4

CVE-2026-23516

CVAT (open-source annotation tool) is affected in versions 2.2.0–2.54.0 by an XSS-like vulnerability that lets an attacker execute arbitrary JavaScript in a victim user’s CVAT UI session. The attack requires the attacker to create a malicious label or an SVG in a skeleton configuration and coerce...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00052
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/01/21 9:38 p.m. | views: 2

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVSS: 8.6 | AI score: 5.7 | EPSS: 0.00052
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/21 9:38 p.m. | views: 2

CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00052
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/14 12:0 a.m. | views: 3

Devolutions Server <= 2025.2.12.0 Improper authorization (DEVO-2025-0015) (CVE-2025-11957)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.12.0 and is, therefore, affected by an improper authorization vulnerability: - Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00063
Exploits: 0 | References: 2
CNVD
added 2025/10/31 12:0 a.m. | views: 2

Devolutions Server Unauthorized Access Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unauthorized access vulnerability exists in Devolutions Server that stems from improper...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00063
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/23 5:12 p.m. | views: 2

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 9 | AI score: 6.8 | EPSS: 0.00063
Exploits: 0 | References: 1
EUVD
added 2025/10/22 6:30 p.m. | views: 2

EUVD-2025-35612

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 8.4 | AI score: 6.2 | EPSS: 0.00063
Exploits: 0 | References: 2
NVD
added 2025/10/22 5:15 p.m. | views: 3

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 9 | EPSS: 0.00063
Exploits: 0 | References: 1
OSV
added 2025/10/22 5:15 p.m. | views: 1

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00063
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 5:9 p.m. | views: 5

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 9 | EPSS: 0.00063
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 5:9 p.m. | views: 2

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00063
Exploits: 0 | References: 1
CVE
added 2025/10/22 5:9 p.m. | views: 6

CVE-2025-11957

Devolutions Server (versions up to and including 2025.2.12.0) is affected by an improper authorization vulnerability in the temporary access workflow. An authenticated basic user can self-approve or approve others’ temporary access requests, enabling unauthorized access to vaults and entries via ...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00063
Exploits: 0 | References: 1 | Affected Software: 1