Lucene search
K

317 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/10 4:52 p.m.4 views

CVE-2026-30945

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 4:52 p.m.32 views

CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...

7.1CVSS0.00452EPSS
Exploits2References3
CVE
CVE
added 2026/03/10 4:52 p.m.27 views

CVE-2026-30945

CVE-2026-30945 : StudioCMS prior to 0.4.0 exposes an authorization flaw in DELETE /studiocms_api/dashboard/api-tokens. Any authenticated user with editor privileges or above can revoke API tokens for any user (including admin/owner) because tokenID and userID are taken directly from the request w...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/03/10 4:52 p.m.8 views

CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24253

Name of the Vulnerable Software and Affected Versions StudioCMS versions prior to 0.4.0 Description StudioCMS is a server-side-rendered, Astro native, headless content management system. The DELETE /studiocms api/dashboard/api-tokens API endpoint, before version 0.4.0, allows authenticated users...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References6
EUVD
EUVD
added 2026/03/07 5:13 a.m.4 views

EUVD-2026-10112

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1...

5.7AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 5:13 a.m.4 views

CVE-2026-30825 hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1...

5.7AI score0.00225EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:43 a.m.5 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/05 9:30 p.m.3 views

Comparison Using Wrong Factors

Overview org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication UAA Server. Affected versions of this package are vulnerable to Comparison Using Wrong Factors due to a logic error in the token revocation endpoint implementation. An attacker can...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 9:30 p.m.7 views

EUVD-2026-9877

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.8 views

Cloudfoundry UAA has logic error in the token revocation endpoint implementation

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/05 9:30 p.m.4 views

GHSA-6WCW-R64P-QRRW Cloudfoundry UAA has logic error in the token revocation endpoint implementation

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References5
NVD
NVD
added 2026/03/05 9:16 p.m.4 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:40 p.m.3 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/05 8:40 p.m.34 views

CVE-2026-22723 UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 8:40 p.m.2 views

CVE-2026-22723 UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 8:40 p.m.5 views

CVE-2026-22723 UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 8:40 p.m.18 views

CVE-2026-22723

CVE-2026-22723 affects Cloud Foundry UAA and CF Deployment due to a logic error in the token revocation endpoint. Vulnerable ranges: UAA v77.30.0–v78.7.0 and CF Deployment v48.7.0–v54.10.0. Root cause is a faulty token revocation flow that can improperly revoke tokens. Impact is described as Inap...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23516

Name of the Vulnerable Software and Affected Versions Cloudfoundry UAA versions 77.30.0 through 78.7.0 Cloudfoundry Deployment versions 48.7.0 through 54.10.0 Description A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

CloudFoundry UAA和CloudFoundry Deployment 安全漏洞

CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder