71 matches found
EUVD-2026-36582
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
CVE-2026-50026
Frappe (full‑stack web framework) contains a permission-checking flaw in the relink and set_email_password endpoints. Prior to versions 15.107.0 and 16.17.0, lack of proper authorization allowed unauthorized access to resources. The issue has been patched in those versions; remediation is to upgr...
BIT-JENKINS-2026-53439
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...
EUVD-2026-36023
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...
CVE-2026-46444
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...
PT-2026-45066
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspace id/members/user id endpoint is gated by require workspace memberworkspace id, which defaults to min role="member" and is never overridden by the route. The handler then calls MemberService.update roleworkspace id, user i...
WordPress plugin WP Promoter 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Enable jQuery Migrate Helper 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin FastX theme 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress plugin GSheet For Woo Importer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-45007
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...
CVE-2026-45007
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...
PT-2026-41354
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATION EDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...
Backstage 安全漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.6.11 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable permission checks for entity retrieval...
PT-2026-41163
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.3.16 Description A missing permission check in API endpoints related to files allows any authenticated user to list, access, and delete every file uploaded by any user to the platform. The issue exists because th...
PT-2026-38311
Impact The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...
WordPress plugin Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28274
In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NO PERMISSIONS on the experiment, to read trace information and create assessments for...
CVE-2026-25124
CVE-2026-25124 : OpenEMR prior to version 8.0.0 contains an access control flaw in the message_list.php report export functionality. There is no permission check before executing sensitive database queries; only CSRF token verification exists, which does not prevent unauthorized data access if a ...