CVE-2026-49047 WordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

CVE-2026-39655 WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

GHSA-J3VX-CX2R-PVG8 Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...

CVE-2026-27393

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

CVE-2025-31985 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

CVE-2025-31985

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

CVE-2025-31985

CVE-2025-31985 affects HCL BigFix Service Management (SM). The issue is a security misconfiguration caused by a missing or insecure X-Content-Type-Options header, which could allow browsers to perform MIME-type sniffing and potentially cause malicious content to be interpreted and executed incorr...

CVE-2025-31985 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

EUVD-2025-209904

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

PT-2026-42145

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

CVE-2026-45442 WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

Security Misconfiguration in Jira Software Data Center

This High severity Security Misconfiguration vulnerability was introduced in versions 9.12.32, 10.3.17, and 11.3.3 of Jira Software Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...

EUVD-2026-29372

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the applicati...

CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-34263

SAP Commerce Cloud is affected by CVE-2026-34263 due to a Spring Security misconfiguration that allows an unauthenticated user to upload malicious configuration and inject code, enabling arbitrary server-side code execution. The entry states high impact to Confidentiality, Integrity, and Availabi...

Security Misconfiguration vulnerability at Tomcat dependency in Bamboo Data Center

This High severity Security Misconfiguration vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0 and 12.1.0 of Bamboo Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

PT-2026-39922

Name of the Vulnerable Software and Affected Versions SAP Commerce cloud affected versions not specified Description Improper Spring Security configuration allows an unauthenticated user to perform malicious configuration upload and code injection. This can result in arbitrary server-side code...

EUVD-2025-209701

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

EUVD-2025-209699

HCL BigFix Service Management SM is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting XSS and potential exposure of sensitive information...

CVE-2025-31984

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...