2263 matches found
CVE-2026-61952
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...
CVE-2026-15079
The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...
CVE-2026-58590
FlowDrop for Drupal is affected by a Missing Authorization vulnerability that enables forceful browsing. Publicly reported details cover FlowDrop versions 0.0.0 through 1.6.0 as vulnerable. The root cause is insufficient access checks, allowing unauthorized navigation to access resources. The iss...
CVE-2026-58589 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...
CVE-2026-58589
CVE-2026-58589 describes a Missing Authorization vulnerability in Drupal FlowDrop (FlowDrop versions 0.0.0 to 1.6.0) allowing forceful browsing to access endpoints without proper permissions. The issue affects the FlowDrop module used for AI-driven workflows via a chat interface, where endpoints ...
CVE-2026-13241
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...
CVE-2026-13241 Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...
CVE-2026-13239
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
CVE-2026-13239 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
CVE-2026-13238
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-13237
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13236
Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044
Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...
CVE-2026-59225
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-59225
Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...
CVE-2026-59217
Open WebUI prior to version 0.10.0 allowed a metadata.knowledge_id value in file uploads to auto-link files to a knowledge base, bypassing the write-access check on /api/v1/knowledge//file/add. This enabled read-only knowledge-base users to add arbitrary files. The issue is fixed in version 0.10....
PT-2026-56583
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A flaw exists where a client can be registered as the configured no auth user via a parser path triggered when the initial client operation is not CONNECT...