29 matches found

Cvelist
added 2026/05/27 6:46 a.m., 28 views

CVE-2026-3896 Livemesh SiteOrigin Widgets <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

CVSS 6.4, EPSS 0.0003
Exploits 0, References 4
CVE
added 2026/05/14 5:36 a.m., 22 views

CVE-2026-2900

GitLab EE patched a vulnerability where, if instance-level approval rule editing prevention was enabled, an authenticated Maintainer could modify or delete project approval rules due to missing authorization checks. Affected are GitLab EE versions: 16.10 before 18.9.7, 18.10 before 18.10.6, and 1...

CVSS 2.7, AI score 5.8, EPSS 0.00015
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/05/12 10:39 p.m., 34 views

CVE-2026-44341 GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

CVSS 5.3, EPSS 0.00048
Exploits 0, References 1
NVD
added 2026/04/16 7:16 a.m., 2 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

CVSS 6.4, EPSS 0.00027
Exploits 0, References 9
ATTACKERKB
added 2026/04/16 6:44 a.m., 2 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

CVSS 6.4, AI score 5.9, EPSS 0.00027
Exploits 0, References 10
NVD
added 2026/04/14 12:16 a.m., 1 view

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

CVSS 4.3, EPSS 0.00034
Exploits 0, References 2
CNNVD
added 2026/04/14 12:00 a.m., 3 views

SAP ERP and SAP S/4HANA Security Vulnerability

SAP ERP and SAP S/4HANA are both products of the German company SAP. SAP ERP is a suite of software used for ERP management. SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system. There are security vulnerabilities in SAP ERP and SAP S/4HANA...

CVSS 7.1, AI score 5.9, EPSS 0.00047
Exploits 0, References 2
CNNVD
added 2026/02/10 12:00 a.m., 3 views

SAP Strategic Enterprise Management Security Vulnerability

SAP Strategic Enterprise Management is a corporate strategic management software developed by the German company SAP. There is a security vulnerability in SAP Strategic Enterprise Management, which stems from the lack of authorization checks, potentially allowing unauthorized access to informatio...

CVSS 4.3, AI score 5.8, EPSS 0.00015
Exploits 0, References 3
CVE
added 2026/01/14 5:28 a.m., 14 views

CVE-2025-15378

CVE-2025-15378 concerns the WordPress AJS Footnotes plugin, where versions up to 1.0 are vulnerable to a stored XSS due to missing authorization/nonce verification on settings save and insufficient input sanitization/output escaping on two parameters: note_list_class and popup_display_effect_in. ...

CVSS 7.2, AI score 4.9, EPSS 0.00034
Exploits 0, References 2
CNNVD
added 2025/12/05 12:00 a.m., 3 views

WordPress plugin CRM Memberships Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 9.8, AI score 7, EPSS 0.00478
Exploits 0, References 6
Positive Technologies
added 2025/11/03 12:00 a.m., 2 views

PT-2025-44794

Name of the Vulnerable Software and Affected Versions: FairSketch Rise Ultimate Project Manager & CRM version 3.9.4. Description: A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization chec...

CVSS 6.5, AI score 6.5, EPSS 0.00055
Exploits 1, References 5
EUVD
added 2025/10/27 6:31 p.m., 2 views

EUVD-2025-36220

IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...

CVSS 5.4, AI score 6.1, EPSS 0.00041
Exploits 0, References 3
Positive Technologies
added 2025/10/27 12:00 a.m., 2 views

PT-2025-43998

Name of the Vulnerable Software and Affected Versions: Educare ERP version 1.0. Description: An IDOR (Insecure Direct Object Reference) vulnerability exists that allows unauthorized access to sensitive data through manipulated object references. Affected API endpoints do not enforce proper authorizati...

CVSS 5.4, AI score 6.1, EPSS 0.00041
Exploits 0, References 4
Vulnrichment
added 2025/10/04 2:24 a.m., 2 views

CVE-2025-9243 Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with...

CVSS 8.1, AI score 4.8, EPSS 0.00049
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 17 views

EUVD-2025-27212

Malicious code in bioql PyPI...

CVSS 3.1, AI score 6.5, EPSS 0.00041
Exploits 0, References 2
CNNVD
added 2025/09/09 12:00 a.m., 1 view

SAP HCM My Timesheet Fiori Security Vulnerability

SAP HCM My Timesheet Fiori is a timesheet application from SAP, Germany. A security vulnerability exists in SAP HCM My Timesheet Fiori version 2.0, which stems from a lack of authorization checking and could lead to elevated privileges...

CVSS 3.1, AI score 6.5, EPSS 0.00041
Exploits 0, References 2
Positive Technologies
added 2025/09/09 12:00 a.m., 2 views

PT-2025-36693

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54; TYPO3 CMS versions 10.0.0 through 10.4.53; TYPO3 CMS versions 11.0.0 through 11.5.47; TYPO3 CMS versions 12.0.0 through 12.4.36; TYPO3 CMS versions 13.0.0 through 13.4.17. Description: The Backend Routing...

CVSS 8.8, AI score 6.1, EPSS 0.001
Exploits 0, References 12
CNNVD
added 2025/08/30 12:00 a.m., 2 views

SUNNET Corporate Training Management System Security Vulnerability

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authorization checking and could lead to unauthorized application...

CVSS 9.8, AI score 6.5, EPSS 0.0008
Exploits 0, References 2
CNNVD
added 2025/07/04 12:00 a.m., 3 views

WordPress plugin WP Human Resource Management Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 6.5, EPSS 0.00344
Exploits 0, References 5
RedhatCVE
added 2025/05/22 8:31 p.m., 2 views

CVE-2021-21486

SAP Enterprise Financial Services versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...

CVSS 8.8, AI score 7, EPSS 0.00146
Exploits 0, References 1