Qualcomm Chipsets Access Control Vulnerability

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets contain an access control vulnerability, which stems from encryption issues during the processing of partition table entries. This vulnerability may allow unauthorized modification...

NextCloud Access Control Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Vulnerabilities existed in versions of Nextcloud prior to 21.1.10, 22.0.11, and 23.0.3 due to access control flaws. These vulnerabilities stemmed from...

Ivanti Neurons for ITSM Access Control Vulnerability

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Ivanti Neurons for ITSM has a vulnerability related to access control. This vulnerability stems from improper access control practices, which may allow remote authentication attacke...

Code-Projects Smart Parking System Access Control Vulnerability

Code-Projects Smart Parking System is an open-source intelligent parking system developed by Code-Projects. Version 1.0 of the Code-Projects Smart Parking System contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Admin Endpoint...

n8n-MCP 访问控制错误漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.2 contained an access control vulnerability. This vulnerability arises when multi-tenant mode is enabled, and headers are omitted or only partially provided duri...

EUVD-2026-32526

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...

Synology ActiveProtect Agent 访问控制错误漏洞

Synology ActiveProtect Agent is a terminal data backup and recovery agent provided by the Chinese company Synology. Versions of Synology ActiveProtect Agent prior to 1.1.0-0439 contained a access control vulnerability caused by a source validation error. This vulnerability could allow local users...

Synology Assistant 访问控制错误漏洞

Synology Assistant is a network storage device discovery and management tool provided by the Chinese company Synology. Versions of Synology Assistant prior to 7.0.6-50085 contained a access control vulnerability caused by a source verification error. This vulnerability could allow local users to...

Tassos Framework Plugin 访问控制错误漏洞

The Tassos Framework Plugin is a Joomla extension and functionality enhancement framework developed by Tassos Marinos. The Tassos Framework Plugin has a security vulnerability related to access control, which allows users to delete any file on the affected site...

CVE-2026-25444

CVE-2026-25444 concerns the WordPress plugin WordPress WpBookingly (Magepeople Inc.), affected versions:

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The STUDENT-MANAGEMENT-SYSTEM contains a security vulnerability related to access control. This vulnerability stems from improper access control measures in the Dashboard component, which may...

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot 3.9.1 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from incorrect operations with the parameter...

kavita 访问控制错误漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

Student Management System 访问控制错误漏洞

Student Management System is a student management system developed by Krishanmurariji as an individual project. The Student Management System has a security access control vulnerability, which stems from an unknown function in the file/index.php/students/addStudentView, leading to improper access...

WordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin QR Redirector versions = 2.0.3...

PT-2026-43149

Name of the Vulnerable Software and Affected Versions Smart Coupons for WooCommerce versions prior to 2.3.0 Description A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken...

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

Microsoft Entra ID 访问控制错误漏洞

Microsoft Entra ID is a cloud-based identity and management solution provided by Microsoft Corporation. There is an access control vulnerability in Microsoft Entra ID, which stems from a source verification error. This vulnerability could allow unauthorized attackers to escalate their privileges...

Exploit for CVE-2025-39247

CVE-2025-39247 - Target: HikCentral Professional HCMP, c...

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...