26 matches found
free5GC security vulnerability
free5GC is an open-source project for the 5th generation (5G) mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF route group nnef-callback was mounted, whic...
ChurchCRM security vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of object-level authorization checks in the API endpoints, which could lead to information leaks...
PT-2026-33274
Name of the Vulnerable Software and Affected Versions: Livemesh Addons for Elementor versions prior to 9.1. Description: The plugin allows unauthorized modification of data and Stored Cross-Site Scripting (XSS) through plugin settings. This occurs because the AJAX handler lae admin ajax lacks...
SAP S/4HANA OData Service security vulnerability
The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Structures, which stems from the lack of authorization checks. This...
xyOps security vulnerability
xyOps is a multi-server task scheduling and execution platform developed by Joseph Huckaby. Versions of xyOps prior to 0.9.111 contained security vulnerabilities. These vulnerabilities stemmed from the server’s lack of authorization checks when applying the updateevent key in JSON outputs, allowi...
rustfs security vulnerability
RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to alpha.90 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in multi-part replication paths, which could allow low-privilege users to bypass...
CVE-2026-30889
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...
NervesHub security vulnerability
NervesHub is open-source software developed by NervesHub for managing firmware updates of Nerves devices. Versions of NervesHub from 1.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in device batch operations and the...
CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186, Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
OpenEMR security vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...
RuoYi-Vue-Plus security vulnerability
RuoYi-Vue-Plus is a development framework created by the dromara organization in China. Versions of RuoYi-Vue-Plus 5.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of authorization checks in the SaServletFilter function of the Workflow Module component,...
CRMEB security vulnerability
CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a lack of authorization checks in the crmeb/app/api/controller/v1/CrontabController.php file within the crontab endpoint...
CVE-2025-36192
IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...
WordPress plugin Post SMTP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin KiotViet Sync security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2020-36854
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX action along with a lack of sanitization on the settings saved via the function. This makes it...
WordPress plugin Traveler security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...
Gatling Enterprise security vulnerability
Gatling Enterprise is a load testing and performance testing management platform from Gatling France. A security vulnerability exists in Gatling Enterprise versions prior to 1.25.0 that stems from a lack of authorization checking and could result in a low-privileged user accessing read-only...
WordPress JobCareer Theme plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions vulnerability
Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions vulnerability discovered by Lucio Sá in WordPress Theme JobCareer versions <= 7.1...
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller security vulnerability
Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller are both products of Cisco, Inc. The Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks. The Cisco Nexus Dashboard Fabric Controll...