41 matches found
PT-2026-31423
Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 7.0.1 and prior to 6.5.4 Description: Zammad, a web-based open source helpdesk system, had an issue where the REST endpoint ''/api/v1/ai assistance/text tools/:id'' did not verify user privileges for using text tools...
RockyLinux 8 : postgresql:15 (RLSA-2026:0524)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0524 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer wraparound...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
Apple macOS security vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.2 and Sequoia prior to 15.7.2, which stems from insufficient privilege checking and could result in access to...
EUVD-2025-6895
Malicious code in bioql PyPI...
Apple macOS security vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from insufficient privilege checking and could cause an application to access protected user data. The following versio...
Apple macOS security vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
CVE-2025-55627
The issue CVE-2025-55627 affects Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime (firmware 3.0.0.4662_2503122283). Root cause: insufficient privilege verification allows authenticated attackers to create accounts with elevated privileges. Impact: potential unauthorized account elevation...
Linux Distros Unpatched Vulnerability : CVE-2023-38058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket...
ZITADEL security vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. A security vulnerability exists in ZITADEL versions 4.0.0-rc.2, 3.3.2, 2.71.13, and prior to 2.70.14, which stems from a la...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
CVE-2024-8765 affects lunary-ai/lunary (git afc5df4). The privilege check logic erroneously marks endpoints as public if the path contains "/auth/" anywhere, allowing unauthenticated attackers to access sensitive endpoints and potentially obtain/modify data or leverage resources across organizati...
WordPress plugin Sparkling security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking in the ims service, with a possible method to write a privilege usage log of an application...
UBUNTU-CVE-2023-38058
An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...
PT-2023-26269 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 8.0.34 Description: An improper privilege check in the OTRS ticket move action in the agent interface allows any authenticated attacker to perform a move of a ticket without the needed permission. Recommendations:...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...