99 matches found
CVE-2025-34331
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
EUVD-2024-43539
Malicious code in bioql PyPI...
EUVD-2024-40164
Malicious code in bioql PyPI...
CVE-2025-54040 WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through = 5.1.20...
CVE-2025-55716 WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability
Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15...
CVE-2025-50034 WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through = 1.4.1...
CVE-2025-23999
CVE-2025-23999 is a Missing Authorization / Broken Access Control vulnerability impacting the Breeze WordPress Cache Plugin (WordPress Breeze). Public sources confirm the affected range as Breeze versions up to and including 2.2.13. The underlying issue is an access-control misconfiguration that ...
CVE-2025-49872 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2...
CVE-2025-47463 WordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 2.8.6...
CVE-2025-29006 WordPress Direct Checkout for WooCommerce Lite plugin <= 1.0.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite woo-direct-checkout-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Direct Checkout for WooCommerce Lite: from n/a through = 1.0.3...
CVE-2025-30927
CVE-2025-30927 (Wordapp, WordPress): Missing Authorization due to incorrectly configured access control affects Wordapp plugin versions up to 1.7.0. CVSS 3.1/4.3 (Base 4.3; Network attack vector, Low complexity, Privileges Required: Low, No user interaction; Confidentiality impact: Low). The conn...
CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control Vulnerability
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
CVE-2025-49270 WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2...
CVE-2025-49240 WordPress DocsPress plugin <= 2.5.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through = 2.5.2...
CVE-2024-21665
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
CVE-2024-37204
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9...
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2025-39412 WordPress Master Slider plugin <= 3.11.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through = 3.11.0...