EUVD-2026-33419

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

HiJiffy Chatbot 安全漏洞

HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...

CVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through = 1.7.1049...

CVE-2024-39625

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...

CVE-2025-58243

Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through = 3.4.0...

EUVD-2024-52403

Malicious code in bioql PyPI...

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...

CVE-2025-30934

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

CVE-2024-53708

Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...

CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through = 2.3.7...

CVE-2025-47457 WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through = 1.6.16...

CVE-2025-39513

Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ActiveDEMAND: from n/a through = 0.2.46...

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through = 2.4.3...

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

CVE-2025-26944 WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through = 2.0.11...

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin) : Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

CVE-2025-31012

CVE-2025-31012 describes a Missing Authorization vulnerability in the WordPress plugin “Age Gate,” affecting versions up to 3.5.4. The root cause is missing authorization checks, allowing access to functionality unconstrained by ACLs. The Wordfence vulnerability entry confirms this issue and note...

CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through = 0.4.14...