1435 matches found
CVE-2020-12073
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests...
CVE-2026-20970
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...
CVE-2022-27128
An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...
CVE-2024-2749
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...
CVE-2025-68850 WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12...
WordPress plugin ShopMagic security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...
CVE-2025-67578
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through = 3.12.4...
CVE-2025-67589
CVE-2025-67589 affects the WordPress plugin “WooCommerce PDF Invoices & Packing Slips” (woocommerce-pdf-invoices-packing-slips), with vulnerability type Missing/Broken Authorization (broken access control). Affected versions are up to 4.9.1; the issue is caused by incorrectly configured access co...
PT-2025-49999
Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through = 3.6.3...
PT-2025-49073
Name of the Vulnerable Software and Affected Versions: platform version 1.0.0. Description: An access control issue exists in the ApiPayController.java component, potentially allowing unauthorized access to sensitive information. The vulnerability is present in platform version 1.0.0. The attack...
Linux Distros Unpatched Vulnerability : CVE-2025-11224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allow...
SuiteCRM security vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.7 and earlier and 8.0.0-beta.1 through 8.9.0, which stems from inconsistent access control and could lead to unauthorized data exposure and modification...
PT-2025-44232
Name of the Vulnerable Software and Affected Versions: Facebook for WooCommerce versions through 3.5.7. Description: A missing authorization issue exists in Facebook for WooCommerce, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Facebook for...
CVE-2025-59273
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network...
EUVD-2025-35547
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through = 1.3.3.9...
PT-2025-41507
Name of the Vulnerable Software and Affected Versions: Samsung DeX versions prior to SMR Oct-2025 Release 1. Description: An improper access control issue exists in the WindowManager component of Samsung DeX. This allows a physically present attacker to temporarily access a list of recently used...
EUVD-2019-2400
Malware in sbrugna...
EUVD-2016-1599
Malware in sbrugna...