1435 matches found

NVD
added 2026/01/23 3:16 p.m., 4 views

CVE-2026-24581

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5...

CVSS 5.4, EPSS 0.00209
Exploits: 0, References: 1

CVE
added 2026/01/23 2:29 p.m., 10 views

CVE-2026-24634

CVE-2026-24634 is an Authorization Bypass vulnerability in Rustaurius Ultimate Reviews (WordPress plugin “Ultimate Reviews”). Public records indicate it affects Ultimate Reviews versions up to and including 3.2.16, arising from Incorrectly Configured Access Control Security Levels and a user-cont...

CVSS 5.3, AI score 5.4, EPSS 0.00203
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/23 2:29 p.m., 2 views

CVE-2026-24598

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2...

CVSS 4.3, AI score 5.9, EPSS 0.00255
Exploits: 0, References: 2

CNNVD
added 2026/01/23 12:0 a.m., 7 views

WordPress plugin Monetag Official Plugin has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.4, AI score 5.8, EPSS 0.00209
Exploits: 0, References: 1

CVE
added 2026/01/22 4:52 p.m., 8 views

CVE-2025-69190

CVE-2025-69190 describes a Missing Authorization (broken access control) vulnerability in the WordPress theme Listihub (e-plugins). Affected versions: Listihub up to 1.0.6. The issue stems from incorrectly configured access control security levels that may allow unauthorized actions. Public detai...

CVSS 7.3, AI score 5.4, EPSS 0.00219
Exploits: 0, References: 1

Hacker One
added 2026/01/10 7:52 p.m., 8 views

GitHub: Missing Access Control in MigrationFile allows attacker to upload files to any Migration

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by...

CVSS 6.5, AI score 5.9, EPSS 0.0039
Exploits: 0

RedhatCVE
added 2026/01/09 12:40 p.m., 7 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

CVSS 9.8, AI score 7.4, EPSS 0.0061
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:40 p.m., 9 views

CVE-2023-43902

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...

CVSS 9.8, AI score 7.2, EPSS 0.00857
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 12:25 p.m., 15 views

CVE-2018-12642

Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...

CVSS 7.5, AI score 6.9, EPSS 0.01398
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:22 p.m., 5 views

CVE-2018-14859

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token...

CVSS 8.1, AI score 6.9, EPSS 0.00963
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:54 a.m., 4 views

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

CVSS 5.5, AI score 6.3, EPSS 0.00928
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:29 a.m., 8 views

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

CVSS 9.8, AI score 6.9, EPSS 0.01603
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:27 a.m., 10 views

CVE-2021-33128

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access...

CVSS 4.4, AI score 6.6, EPSS 0.00191
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:26 a.m., 8 views

CVE-2021-28488

Ericsson Network Manager ENM before 21.2 has incorrect access-control behavior that only affects the level of access available to persons who were already granted a highly privileged role. Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessib...

CVSS 6.5, AI score 6.6, EPSS 0.01075
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:24 a.m., 8 views

CVE-2021-28094

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...

CVSS 6.5, AI score 7, EPSS 0.01114
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:10 a.m., 8 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5.3, AI score 7.1, EPSS 0.01092
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:53 a.m., 7 views

CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

CVSS 7.5, AI score 6.8, EPSS 0.00668
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:43 a.m., 7 views

CVE-2022-26281

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue...

CVSS 7.5, AI score 7.4, EPSS 0.0106
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:43 a.m., 8 views

CVE-2022-26254

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names...

CVSS 5.3, AI score 7.5, EPSS 0.00826
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:41 a.m., 7 views

CVE-2022-26572

Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information...

CVSS 7.5, AI score 7.2, EPSS 0.00933
Exploits: 0, References: 1