CVE-2026-24134

StudioCMS prior to v0.2.0 is affected by a Broken Object Level Authorization (BOLA) in the Content Management feature. The vulnerability allows users with the Visitor role to access draft content created by Editors/Admins/Owners, effectively bypassing RBAC for unpublished content. The issue is mi...

StudioCMS has Authorization Bypass Through User-Controlled Key

Summary StudioCMS contains a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Details The Issue: The endpoint /dashboard/content-management/edit?edit=UUID...

PT-2026-5037

Name of the Vulnerable Software and Affected Versions StudioCMS versions prior to 0.2.0 Description StudioCMS contains a Broken Object Level Authorization BOLA vulnerability in the Content Management feature. This allows users with the "Visitor" role to access draft content created by Editor,...

CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

PT-2026-1699

Name of the Vulnerable Software and Affected Versions The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress versions up to and including 3.1.5 Description The Folders plugin for WordPress is susceptible to unauthorized arbitrary media...

WordPress plugin Folders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2025-203187

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

WordPress plugin GenerateBlocks 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

EUVD-2025-38272

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

CVE-2025-63783

Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester’s ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...

EUVD-2024-54317

Malicious code in bioql PyPI...

EUVD-2024-54316

Malicious code in bioql PyPI...

EUVD-2024-54487

Malicious code in bioql PyPI...