38 matches found
EUVD-2026-27851
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
PT-2026-37651
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
WordPress plugin Yoast Duplicate Post security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2023-49233
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of...
Visual Planning Admin Center security vulnerability
Visual Planning Admin Center is a cloud-based resource management and scheduling software from Visual Planning. A security vulnerability exists in versions prior to Visual Planning Admin Center 8 Build 240207 that stems from insufficient access checking. An attacker could exploit the vulnerabilit...
CVE-2023-49233
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of...
PT-2024-13702 · Unknown · Visual Planning Admin Center
Name of the Vulnerable Software and Affected Versions: Visual Planning Admin Center 8 versions prior to v.1 Build 240207. Description: The issue is related to insufficient access checks, allowing attackers with non-administrative accounts to utilize functions normally reserved for administrators...
Information Disclosure
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and tooltip...
Information Leakage
matrix-appservice-irc is vulnerable to Information Leakage. The vulnerability is due to insufficient access checks when constructing a reply in MatrixHandler.ts, allowing malicious users to reply to events they shouldn't have access to...
MantisBT Information Disclosure Vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in a web-operable format. An information disclosure vulnerability exists in MantisBT 2.25.7 and earlier versions, which stems from insufficient...
GHSA-F683-35W9-28G5 Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
UBUNTU-CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
QNAP Systems HBS 3 security vulnerability
Qnap Systems QNAP HBS 3 is a comprehensive data backup and disaster recovery application from China Weilian Qnap Systems. An authorization issue vulnerability exists in HBS 3 Hybrid Backup Sync that stems from a failure to perform adequate authorization checks. An attacker could use...
Vulnerability in the rbd driver of the Linux operating system that allows attackers to escalate their privileges
The vulnerability in the Linux operating system’s rbd driver is related to insufficient checks on access rights. Exploiting this vulnerability can allow attackers to escalate their privileges...
PT-2018-3940 · Microsoft · Expression Blend 4 +1
Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio (affected versions not specified); Expression Blend 4 (affected versions not specified). Description: A remote code execution issue exists due to insufficient access control checks in the software, potentially allowing an...
OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...
OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attac...
OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...