3399 matches found
CVE-2026-25192
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2025-55261
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...
CVE-2025-55261
CVE-2025-55261 affects HCL Aftermarket DPC and is associated with a Missing Functional Level Access Control vulnerability that can enable privilege escalation and data manipulation within the application. The CVE is referenced across multiple sources (NVD, Red Hat, CNVD, EUVD, CIRCL, CVE List, vu...
CVE-2025-55261
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...
CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...
CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...
CVE-2025-55274 HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability
HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they...
CVE-2026-34051
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...
PT-2026-28286
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The application suffers from missing functional level access control, potentially allowing an attacker to escalate privileges and compromise the application. This could lead to th...
etcd 安全漏洞
Etcd is an open-source system developed in Go language, used as a key-value storage system for distributed systems. There are security vulnerabilities in versions prior to 3.4.42, 3.5.28, and 3.6.9 of etcd. These vulnerabilities stem from the possibility for unauthorized users to bypass...
OpenEMR 安全漏洞
OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...
CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...
EUVD-2026-15568
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...
CVE-2026-24372
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...
CVE-2026-24372
CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...
CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...
CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...
CVE-2026-4815
Support Board 3.7.7 is affected by a SQL injection vulnerability. The issue allows an attacker to retrieve, create, update, and delete data through the parameter calls[0][message_ids][] in the /supportboard/include/ajax.php endpoint. The connected CVE records confirm the affected product/version ...
PT-2026-27854
Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions through 1.8.10 Description An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...
WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation vulnerability
WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin = 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation vulnerability discovered by abrahack in WordPress Plugin ReviewX versions =...