154 matches found
Chainlit security vulnerability
Chainlit is an open-source framework for building large-model dialog interfaces. A security vulnerability exists in Chainlit versions prior to 2.8.5 that stems from an authorization bypass through a user-controlled key, which could lead to an attacker logging in to view threads or gain...
PT-2026-2833
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
Broadcom DX NetOps Spectrum security vulnerability
Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum version 24.3.10 and earlier, which stems from a user-controllable key resulting in an authorization bypass that...
CVE-2026-22489 WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider Slideshow: from n/a through <= 1.8...
PT-2026-1269
Name of the Vulnerable Software and Affected Versions: Rustaurius Five Star Restaurant Reservations versions through 2.7.8. Description: An authorization bypass exists in Rustaurius Five Star Restaurant Reservations due to incorrectly configured access control security levels. This allows exploitati...
CVE-2025-49334
Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyD Delivery: from n/a through <= 1.7.1...
EUVD-2025-205943
Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4...
CVE-2025-68979
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google Calendar Events: from n/a through <= 3.5.9...
WordPress plugin Order Cancellation & Returns for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Struktur: from n/a through <= 2.5.1...
WordPress plugin wpDiscuz security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-68502 WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetPopup: from n/a through 2.0.20.1...
PT-2025-52550
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions prior to 7.8. Description: The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This affects versions up to and including 7.7, stemming from a lack of validatio...
CVE-2025-10019
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form Email: from n/a through <= 1.3.60...
PT-2025-52265
Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Radius Blocks: from n/a through 2.2.1...
PT-2025-51455
Name of the Vulnerable Software and Affected Versions: g5theme Essential Real Estate versions through 5.2.2. Description: An authorization bypass exists due to incorrectly configured access control security levels. This allows for unauthorized access. The issue is present in g5theme Essential Real...
PT-2025-51473
Name of the Vulnerable Software and Affected Versions: Menulux Software Inc. Mobile App versions prior to 9.5.8. Description: An authorization bypass exists in the Menulux Software Inc. Mobile App due to a vulnerability related to user-controlled keys and the exploitation of trusted identifiers. Thi...
CVE-2025-58137
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
CVE-2025-58137 Apache Fineract: IDOR via self-service API
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
Apache Fineract security vulnerability
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from a security...