219417 matches found
CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification
e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...
CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification
e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...
CVE-2026-48136
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
CVE-2026-48136
CVE-2026-48136 affects Check Point Multi-Domain Management where, when Compliance is enabled, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata for Compliance Best Practices in another CMA where they have no access, effectively bypassi...
CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via improper validation of symbolic links in the virt-handler process. An attacker can gain unauthorized access to privileged Unix sockets on the host by replacing a virtual machine console socket with a symlink to a...
MAL-2026-4797 Malicious code in int-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fastjsonlog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c215826041044ae60befaac2d8d5cb29653cb12091b5803ed0a7cf8fff83f94b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-24638
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...
CVE-2026-24590
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
CVE-2026-24590 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
CVE-2026-24590
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
EUVD-2026-31806
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
CVE-2026-24590
The CVE-2026-24590 entry affects the WordPress plugin “Paid Videochat Turnkey Site” (versions up to and including 7.3.23). Root cause: Missing/incorrect authorization allows Broken Access Control. Impact, per the provided metrics, is low confidentiality impact and no integrity/availability impact...
CVE-2026-24590 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...
CVE-2026-24638
CVE-2026-24638 concerns a missing authorization issue in the WordPress RepairBuddy plugin (
CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...