31 matches found
CVE-2026-7891
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...
WordPress plugin RSVP and Event Management security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
WordPress plugin Smart Coupons for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin CF7 WOW Styler security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL
Summary: Budibase exposes a REST API for datasource management. The route `PUT /api/datasources/:datasourceId` is registered in the authorizedRoutes group with `TABLE/READ` permission. This is the same authorization level as the read endpoint `GET /api/datasources/:datasourceId`. Every authenticated...
EUVD-2026-28463
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...
CVE-2026-7891
The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...
EUVD-2026-20205
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...
CVE-2026-1524 Auth misconfiguration when multiple providers enabled
An edge case in the SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...
Siemens Mendix Application Authorization Misconfiguration Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. An authorization misconfiguration vulnerability exists in the Siemens Mendix application, which can be exploited by an attacker to obtain sensitive information...
CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through <= 3.2.20...
Exploit for CVE-2025-49173
CVE-2025-49173 — macOS 10.9 Local Root Privilege Escalation R...
CVE-2025-67474 WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ForumWP: from n/a through <= 2.1.4...
EUVD-2023-1959
Malicious code in bioql PyPI...
ETQ Reliance security vulnerability
ETQ Reliance is a quality management system from ETQ Corporation. A security vulnerability exists in ETQ Reliance that stems from a misconfiguration of the API authorization logic, which could allow an unauthenticated attacker to bypass access control checks and retrieve limited sensitive resourc...
IBM Engineering Requirements Management DOORS authorization issue vulnerability
IBM Engineering Requirements Management DOORS is a requirements management tool from International Business Machines (IBM). An authorization issue vulnerability exists in IBM Engineering Requirements Management DOORS version 9.7.2.9, which stems from a misconfiguration that could lead to a...