CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
PT-2026-24163
Due to a missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
PT-2026-24155
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
CVE-2026-2488 ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...
CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-0974
The CVE affects the WordPress plugin Orderable (Restaurant Online Ordering System) up to version 1.20.0. A missing capability check in the install_plugin function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, which can lead to Remote Code Exec...
CVE-2025-14427
CVE-2025-14427 affects the Shield: Blocks Bots, Protects Users, and Prevents Security Breaches WordPress plugin (Shield Security) with versions up to 21.0.9. Root cause is a missing capability check on the MfaEmailDisable action, enabling authenticated attackers with Subscriber-level access or hi...
CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...
SAP NetWeaver AS ABAP and S/4HANA Missing Authorization Check (3672622)
The version of SAP NetWeaver Application Server ABAP and SAP S/4HANA detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and SAP S/4HANA is affected by a missing...
SAP NetWeaver AS ABAP Missing Authorization Check (3674774)
The version of SAP NetWeaver Application Server ABAP detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and ABAP Platform is affected by a missing authorization...
CVE-2026-24327
Due to a missing authorization check in SAP Strategic Enterprise Management Balanced Scorecard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to a low impact on confidentiality and no effect on integrity or...
CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
Due to a missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on the integrity of the application with no effect on the...
CVE-2025-13416
CVE-2025-13416 relates to the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected versions are all up to and including 5.9.7.2. Root cause: missing capability check in the pm_deactivate_user_from_group() function, enabling authenticated users with Subscriber-level a...
CVE-2025-14029 Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxadmineventapproval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...
PT-2026-2340
Name of the Vulnerable Software and Affected Versions: Application Server ABAP and ABAP Platform (affected versions not specified). Description: A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...
CVE-2025-14428
CVE-2025-14428 affects the WordPress plugin “All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements” up to version 2.3.3. The issue is a missing capability check in the my_sticky_elements_bulks function, allowing authenticated attackers with Su...
PT-2025-53903
Name of the Vulnerable Software and Affected Versions: HR Management Lite versions prior to 3.6. Description: An incorrect access control configuration exists in Weblizar HR Management Lite, potentially allowing unauthorized access. The issue involves a missing authorization check. Recommendations...
CVE-2025-14446
CVE-2025-14446 affects the Popup Builder (Easy Notify Lite) WordPress plugin (versions
CVE-2025-42876
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...