ipTIME A2004 - Unauthorized Access

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54763 info: name: ipTIME A2004 - Unauthorized Access author: ritikchaddha severity: medium description: | An access control...

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

CVE-2026-44926

InfoScale CmdServer is affected by CVE-2026-44926 where versions prior to 7.4.2 mishandle access control, potentially enabling unauthenticated network attackers with low privileges and no user interaction to compromise confidentiality, integrity, and availability (CVSS v3.1: 8.8). The condition i...

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

PT-2026-40930

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

EUVD-2026-30278

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

PT-2026-40142

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no...

Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...

CVE-2026-39520

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through = 2.1.18...

CVE-2026-39561 WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...

CVE-2026-31150

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

AVideo has Plaintext Video Password Storage

Summary AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database via SQL injection, a database backup, or misconfigured access...

CVE-2026-32410

Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through = 2.2.5...

CVE-2026-4180 D-Link DIR-816 goahead redirect.asp access control

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument tokenid leads to improper access controls. The attack may be initiated remotely. The exploit is publicly...

CVE-2026-32406 WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...

CVE-2026-20165 Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

CVE-2026-25409

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through = 1.1.1...