24 matches found
EUVD-2026-20359
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.6.5...
CVE-2025-69013
Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratum: from n/a through <= 1.6.1...
CVE-2025-63056
CVE-2025-63056 corresponds to a Missing Authorization flaw in the WordPress plugin Contact Form by BestWebSoft (versions up to and including 4.3.5). The issue is a bypass of access controls in the plugin’s configuration, enabling unauthorized access as described in the CVE entry. Public sources i...
EUVD-2018-8942
Malware in sbrugna...
EUVD-2025-3235
Malicious code in bioql PyPI...
EUVD-2025-14734
Malicious code in bioql PyPI...
EUVD-2023-46348
Malicious code in bioql PyPI...
EUVD-2023-43725
Malicious code in bioql PyPI...
CVE-2025-3648
The CVE-2025-3648 entry concerns the Now Platform, where data could be inferred without authorization under certain conditional ACL configurations. The vulnerability allows unauthenticated and authenticated users to use range query requests to infer instance data not meant to be accessible. Techn...
CVE-2025-7076
CVE-2025-7076 affects BlackVue Dashcam 590X up to 20250624. The root cause is an improper access control in the file /upload.cgi of the Configuration Handler, exploitable from the local network. Multiple sources indicate the vulnerability is critical with potential impact on confidentiality, inte...
PT-2025-24105 · Solaplugins · Sola Support Ticket
Name of the Vulnerable Software and Affected Versions: Sola Support Ticket versions 3.17 and earlier Description: The issue is related to a Missing Authorization vulnerability in SolaPlugins Sola Support Ticket, which allows exploiting incorrectly configured access control security levels...
PT-2025-24189
Name of the Vulnerable Software and Affected Versions: ThemeHunk versions 1.1.1 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For ThemeHunk versions 1.1.1 and earlier, update to...
CVE-2023-48775
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cleanfix: from n/a through 5.6.2...
PT-2025-15198 · Qualcomm · Snapdragon +60
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A cryptographic issue may arise due to the access control configuration allowing Linux to read key registers in TCSR. Recommendations: At the moment, there is no information about a newer...
CVE-2025-26750
Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through <= 3.1.3...
CVE-2023-49818 WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
CVE-2023-21411
User provided input is not sanitized in the “Settings Access Control” configuration interface allowing for arbitrary code execution...
Trendnet AC2600 TEW-827DRU Data Forgery Issue Vulnerability
Trendnet AC2600 TEW-827DRU is a wireless router. Version 2.08B01 of the Trendnet AC2600 TEW-827DRU has a security vulnerability that stems from incorrect access control configuration, which could allow an attacker to maliciously update the firmware...
CVE-2020-14209
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...
CVE-2018-17167
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4)...