162037 matches found
CVE-2026-57750 WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...
CVE-2026-57746 WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Booked = 3.0.0 versions...
CVE-2026-57746 WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Booked = 3.0.0 versions...
CVE-2026-57731 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57731 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57730 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57730 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57689 WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57689 WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57688 WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...
CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...
Lin CMS Spring Boot - Default JWT Token
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CM...
WAVLINK WN535 G3 - Improper Access Control
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...
D-Link DIR-816L - Improper Access Control
D-Link DIR-816LFW206b01 is susceptible to improper access control. An attacker can access folders folderview.php and categoryview.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28955 info: name: D-Link DIR-816L - Improper...
WAVLINK WN533A8 - Improper Access Control
WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser; and thereby possibly obtain sensitive information, modify data, and/or execute...
Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...
WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...
VMware vRealize Log Insight - Improper Access Control to RCE
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...