
16 matches found

RedhatCVE
added 4 days ago | 5 views

CVE-2026-39331

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

CVSS 8.1 | AI score 5.6 | EPSS 0.00047
Exploits 0 | References 1
CNNVD
added 2025/05/23 12:0 a.m. | 2 views

CyberDAVA Security Vulnerability

CyberDAVA is a unified platform for managing cyber risk from CyberDAVA, Inc. A security vulnerability exists in CyberDAVA versions prior to 1.1.20 that stems from a lack of access control and could lead to elevated privileges...

CVSS 6.4 | AI score 6.6 | EPSS 0.0016
Exploits 0 | References 2
RedhatCVE
added 2025/02/05 1:38 p.m. | 6 views

CVE-2020-26911

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 befor...

CVSS 8.8 | AI score 6.9 | EPSS 0.00129
Exploits 0 | References 3
BDU FSTEC
added 2024/05/06 12:0 a.m. | 1 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain increased privileges.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.3 | AI score 7.2 | EPSS 0.00181
Exploits 0 | References 7 | Affected Software 2
CNNVD
added 2024/03/07 12:0 a.m. | 2 views

nGrinder Security Vulnerabilities

nGrinder is a stress testing platform that enables you to perform script creation, test execution, monitoring and results report generator simultaneously. A security vulnerability exists in nGrinder versions prior to 3.5.9 that stems from a lack of access control and allows an attacker to obtain...

CVSS 5.4 | AI score 6.2 | EPSS 0.00264
Exploits 0 | References 2
BDU FSTEC
added 2021/08/25 12:0 a.m. | 1 views

The vulnerability of the Trend Micro Worry-Free Business Security and Apex One anti-virus software lies in their lack of access control mechanisms, allowing attackers to execute arbitrary code.

The vulnerability of Trend Micro Worry-Free Business Security and Apex One anti-virus software lies in the lack of access control mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code by running a specially created program...

CVSS 7.8 | EPSS 0.01425
Exploits 0 | References 8
BDU FSTEC
added 2020/07/23 12:0 a.m. | 1 views

The vulnerability of the McAfee Total Protection anti-virus protection lies in its lack of access control mechanisms, which allows attackers to enhance their privileges.

The vulnerability of the McAfee Total Protection antivirus protection lies in its lack of access control mechanisms. Exploiting this vulnerability allows attackers to enhance their privileges by manipulating symbolic links or executing malicious scripts or programs...

CVSS 7.5 | EPSS 0.0034
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2019/11/11 12:0 a.m. | 1 views

The vulnerability of the Libraries component in Oracle Java SE and Java SE Embedded software platforms allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Libraries component in Oracle Java SE and Java SE Embedded software platforms is related to lack of access control. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to protected data...

CVSS 4.3 | EPSS 0.00752
Exploits 0 | References 4 | Affected Software 4
BDU FSTEC
added 2019/11/04 12:0 a.m. | 0 views

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component of the Oracle E-Business Suite allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized...

CVSS 8.5 | AI score 5.5 | EPSS 0.01353
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2019/01/28 12:0 a.m. | 1 views

The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protocol...

CVSS 8.2 | AI score 7.5 | EPSS 0.00973
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2018/08/17 12:0 a.m. | 0 views

The vulnerability of the SuperCluster Virtual Assistant component of the Oracle SuperCluster software platform allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the SuperCluster Virtual Assistant component of the Oracle SuperCluster-specific software is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data, causing system crashes or unexpected...

CVSS 7.1 | AI score 7.8 | EPSS 0.0332
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2017/04/27 12:0 a.m. | 2 views

The vulnerability of the Microsoft Outlook email client, which allows a hacker to compromise the confidentiality of information.

The vulnerability of the Microsoft Outlook email client is related to lack of access control. Exploiting this vulnerability allows a malicious actor to bypass the security measures of office programs by using a specially created document...

CVSS 4.3 | AI score 6.5 | EPSS 0.11657
Exploits 0 | References 3
BDU FSTEC
added 2017/01/26 12:0 a.m. | 1 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of Qualcomm’s Android operating system’s media codecs is related to lack of access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.3 | AI score 7.6 | EPSS 0.00141
Exploits 0 | References 3
Positive Technologies
added 2016/08/09 12:0 a.m. | 2 views

PT-2016-2579 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to a lack of access control in the Windows operating system kernel driver, allowing a local attacker to potentially elevate their privileges using a specially...

CVSS 7.8 | AI score 8.5 | EPSS 0.43241
Exploits 8 | References 16
Positive Technologies
added 2016/04/12 12:0 a.m. | 1 views

PT-2016-1675 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to a lack of access control in the Windows operating system kernel mode driver, which can be exploited by a local attacker to elevate privileges using a...

CVSS 7.8 | AI score 7.5 | EPSS 0.06035
Exploits 4 | References 20
BDU FSTEC
added 2015/09/16 12:0 a.m. | 1 views

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows an intruder to execute arbitrary commands during guest access.

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server lies in the lack of access control for certain functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands during guest access using a special web page...

CVSS 6.5 | EPSS 0.00572
Exploits 0 | References 2