CVE-2026-8694

CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...

CVE-2026-12059

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVE-2026-12059 Cellopoint｜CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

EUVD-2026-36389

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVE-2026-12059

CVE-2026-12059 concerns the SSH service of Cellopoint’s CelloOS. The vulnerability is described as Improper Access Control that lets authenticated remote attackers bypass enforced command restrictions and execute operating system commands outside the originally authorized scope. Connected CVE rec...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

WordPress WPQA <5.5 - Improper Access Control

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. id: CVE-2022-1598 info: name: WordPress WPQA 5.5 - Improper Access Control...

WAVLINK WN530HG4 - Improper Access Control

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-48610

CVE-2026-48610 describes an Improper Access Control vulnerability on certain devices running UniFi OS. A remote attacker with network access could cause unauthorized changes to UniFi OS devices. The CVSSv3.1 base score is 8.1 (High) with network attack vector, high impact on confidentiality, inte...

EUVD-2026-36378

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

PT-2026-48825

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

PT-2026-48830

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

EUVD-2026-36289

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

CVE-2026-45178

CVE-2026-45178 affects Idira Secrets Manager Self-Hosted up to version 13.8.0, where improper access control exists in internal cluster endpoints. A remote, authenticated attacker with standard node-level credentials could exploit these endpoints to retrieve unauthorized secrets or trigger a deni...

CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...