4920 matches found
CVE-2026-12393
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
CVE-2026-12393
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
EUVD-2026-45148
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
CVE-2026-12510
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...
EUVD-2026-44874
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...
CVE-2026-52893
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing Wekan user, without verifying ownership or checking emailverified. An attacker...
CVE-2026-52893
Wekan before 9.32 is vulnerable through the Accounts.onCreateUser hook in server/models/users.js, which merges OIDC logins into existing accounts when the OIDC email or username matches an existing Wekan user without verifying ownership or email_verified. An attacker with an OIDC provider account...
CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
CVE-2026-59258
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
EUVD-2026-44752
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-58660
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-58660
Kanboard
CVE-2026-14251
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...
CVE-2026-14251
The CVE-2026-14251 entry concerns the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects, enabling a namespace-scoped Argo CD instance to delete a ClusterRole owned by a cluster-scoped Argo CD instance via a crafted name...
CVE-2026-14251 Gitops-operator: gitops-operator: missing allowednamespace check in reconcilerhook for clusterrole/role cases enables potential privilege escalation and dos
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...
CVE-2026-14251
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...
PT-2026-60319
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description The Accounts.onCreateUser function in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing user without verifying ownership or checking th...