23 matches found
USN-8422-1: Mistral vulnerability
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it...
CVE-2026-48904
An improper access check allows privilege escalation through the com_users group editing webservice endpoint...
CVE-2026-48900
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-35223
An improper access check allows unauthorized access to com_config webservice endpoints...
CVE-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
An improper access check allows privilege escalation through the com_users group editing webservice endpoint...
CVE-2026-23899
An improper access check allows unauthorized access to webservice endpoints...
CVE-2026-23899 Joomla! Core - [20260306] - Improper access check in webservice endpoints
An improper access check allows unauthorized access to webservice endpoints...
WordPress plugin RegistrationMagic security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2026-1859
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
EUVD-2025-204039
Improper access checks in M-Files Server before 25.12 allow users to download files through M-Files Web using Web Companion despite the Print and Download Prevention module being enabled...
M-Files Server security vulnerability
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.12 that stems from improper access checking and could lead to file download bypass...
PT-2025-52000
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 25.12 Description: A flaw exists in M-Files Server that allows users to download files through M-Files Web using Web Companion, even when the Print and Download Prevention module is enabled. This is due to...
Grav Authorization Issues Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an authorization issue vulnerability that stems from improper authorization checking, which can be exploited by an attacker to cause for...
CVE-2025-7106
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
PT-2025-39160
Name of the Vulnerable Software and Affected Versions: librechat versions prior to the fix Description: An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...
Indico security vulnerability
Indico is a feature-rich event management system from Indico Open Source. A security vulnerability exists in Indico versions prior to 3.3.8, which stems from improper access checking and could lead to unauthorized retrieval of another user's personal data...
PT-2025-48: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...
CVE-2021-25766
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made...
PT-2022-8503 · Drupal · Drupal Quickedit Module
Name of the Vulnerable Software and Affected Versions: Drupal QuickEdit module affected versions not specified Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the...