161423 matches found
CVE-2026-12105
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
CVE-2026-12117
Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...
CVE-2026-11890
The CVE-2026-11890 entry corresponds to a Windows MSMQ vulnerability tracked as Queue-Shatter. PT-2026-40614 details a heap-based overflow in the mqac.sys driver when processing a Large Message, enabling unauthenticated RCE by sending crafted MSMQ packets to port 1801. Exploitation would grant SY...
CVE-2026-53863
OpenClaw before 2026.4.25 exposes an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. When a group ID is supplied to the policy resolver, it can lead to incorrect group-policy decisions for tool invocations, potentially bypassing intended access contr...
CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...
CVE-2026-52714
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...
CVE-2026-54190
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
CVE-2026-39490
Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...
CVE-2026-40809
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...
CVE-2025-68045
Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...
CVE-2026-40809
CVE-2026-40809 concerns the WordPress Metro Magazine theme (versions
CVE-2026-40809 WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...
EUVD-2026-37058
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...
CVE-2026-54190
CVE-2026-54190 : Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5 . The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...
CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
EUVD-2026-37052
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
CVE-2026-52714
CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions
CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...
EUVD-2026-37050
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...
CVE-2026-52711 WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...