CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

PT-2026-49332

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

PT-2026-49234

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

PT-2026-49486

Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...

PT-2026-49502

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

PT-2026-49364

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

PT-2026-49450

Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...

PT-2026-49455

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

PT-2026-49226

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

PT-2026-49423

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

PT-2026-49353

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

PT-2026-49235

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

PT-2026-49491

Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...

PT-2026-49419

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

PT-2026-49417

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

PT-2026-49227

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

PT-2026-49506

Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...

PT-2026-49322

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...