5 matches found
CVE-2026-39984
CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification) : Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...
CVE-2026-35182
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference vulnerability
Authenticated Author+ Insecure Direct Object Reference vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PageLayer versions = 2.0.5...
WordPress Password Policy Manager plugin <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability
Missing Authorization to Authenticated Subscriber+ Configuration Log Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Password Policy Manager versions = 2.0.5...
WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Themify Audio Dock versions = 2.0.5...