1101 matches found
CVE-2025-53295
Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through = 2.0.7...
PT-2025-27203 · Unknown · Rohil Contact Form – 7 : Hide Success Message
Name of the Vulnerable Software and Affected Versions: Rohil Contact Form – 7 : Hide Success Message versions 1.1.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...
CVE-2025-52889 Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services DHCP, DNS... that partially bypass security options security.macfiltering, security.ipv4filtering and...
CVE-2025-52889
Incus (system container/VM manager) on versions 6.12–6.13 is vulnerable when an ACL on a bridge-connected device is used: nftables rules for local services can bypass security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering, enabling DHCP pool exhaustion and potential further ...
PT-2025-26358 · Unknown · Contentstudio
Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and...
PT-2025-26354 · Unknown · Thanhtungtnt Video List Manager
Name of the Vulnerable Software and Affected Versions: thanhtungtnt Video List Manager versions 1.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For thanhtungtnt Vide...
CVE-2025-49872
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through = 2.9.4.2...
CVE-2025-49864 WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through = 4.21...
PT-2025-25724 · Unknown · Afs Analytics
Name of the Vulnerable Software and Affected Versions: AFS Analytics versions through 4.21 Description: The issue is related to a Missing Authorization vulnerability, where AFS Analytics allows accessing functionality not properly constrained by ACLs. Recommendations: For versions through 4.21,...
CVE-2025-30934
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control Vulnerability
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
CVE-2025-47558
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...
CVE-2024-53708
Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...
CVE-2023-46630
Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...
CVE-2023-51542
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14...
CVE-2022-44587
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...
CVE-2020-5836
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled...
CVE-2018-20895
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts SEC-393...
CVE-2005-3177
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions,...
CVE-2005-3168
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists ACLs on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the...