WordPress plugin Newses 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Broken Object Level Authorization in the Wild: An Empirical Taxonomy from 100+ Bug Bounty Disclosures

Broken Object Level Authorization BOLA is consistently ranked the most critical API security vulnerability, yet the existing literature remains almost entirely conceptual. This paper presents one of the first large-scale empirical analyses of BOLA in publicly disclosed bug bounty reports. We...

PT-2026-43133

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

PT-2026-43137

Name of the Vulnerable Software and Affected Versions Autoship Cloud for WooCommerce Subscription Products versions prior to 2.14.1 Description A missing authorization issue exists in the Autoship Cloud for WooCommerce Subscription Products plugin, which allows for the exploitation of incorrectly...

PT-2026-43149

Name of the Vulnerable Software and Affected Versions Smart Coupons for WooCommerce versions prior to 2.3.0 Description A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken...

PT-2026-43143

Name of the Vulnerable Software and Affected Versions Broadcast Live Video versions prior to 7.1.3 Description Improper Control of Generation of Code allows for Code Injection, which can lead to Remote Code Execution RCE, a state where an attacker can execute arbitrary commands on the target...

PT-2026-43153

Name of the Vulnerable Software and Affected Versions NanoCare versions prior to 1.2.2 Description A missing authorization issue in Linethemes NanoCare allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. Recommendations Update ...

Linux Distros Unpatched Vulnerability : CVE-2026-32175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could writ...

PT-2026-43135

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3...

WordPress plugin WP Search Analytics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin B2BKing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

ROS-20260525-73-0001

Vulnerability in python-sqlparse related to insufficient control of a resource while it exists. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Vane 访问控制错误漏洞

Vane is a privacy-oriented AI chatbot engine developed by Kushagra Srivastava. It supports both local and cloud models. Versions of Vane prior to 1.12.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature in the file route.ts within the component API, whi...

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

Hermes Agent 访问控制错误漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained a access control vulnerability. This vulnerability originated from the makerunenv function in the tools/environments/local.py file of the...

ROS-20260524-73-0057

Vulnerability in portainer-ce related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

No d...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

No d...

ios-imessage-zero-click-exploit

CVE-2025-31200/31201 - iOS Zero-Click iMessage Exploit Chai...

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...