1435 matches found
CVE-2026-24581
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through = 2.9.5...
CVE-2026-24634
CVE-2026-24634 is an Authorization Bypass vulnerability in Rustaurius Ultimate Reviews (WordPress plugin “Ultimate Reviews”). Public records indicate it affects Ultimate Reviews versions up to and including 3.2.16, arising from Incorrectly Configured Access Control Security Levels and a user-cont...
CVE-2026-24598
Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...
WordPress plugin Monetag Official Plugin has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-69190
CVE-2025-69190 describes a Missing Authorization (broken access control) vulnerability in the WordPress theme Listihub (e-plugins). Affected versions: Listihub up to 1.0.6. The issue stems from incorrectly configured access control security levels that may allow unauthorized actions. Public detai...
GitHub: Missing Access Control in MigrationFile allows attacker to upload files to any Migration
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2018-12642
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...
CVE-2018-14859
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token...
CVE-2018-4399
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
CVE-2021-27228
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
CVE-2021-33128
Improper access control in the firmware for some IntelR E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access...
CVE-2021-28488
Ericsson Network Manager ENM before 21.2 has incorrect access-control behavior that only affects the level of access available to persons who were already granted a highly privileged role. Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessib...
CVE-2021-28094
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...
CVE-2022-26281
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue...
CVE-2022-26254
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names...
CVE-2022-26572
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information...