14 matches found
Exploit for CVE-2026-6741
CVE-2026-6741 CVE-2026-6741 is a CVSS 8.8 High Authenticated...
EUVD-2026-27856
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...
CVE-2026-20172
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...
CVE-2026-20172 Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...
PT-2026-37653
Name of the Vulnerable Software and Affected Versions Cisco Enterprise Chat and Email affected versions not specified Description A flaw in the Lite Agent feature of Cisco Enterprise Chat and Email ECE allows an authenticated remote attacker with at least Agent role credentials to perform...
CVE-2026-6741
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
CVE-2026-6741
CVE-2026-6741 affects the WordPress plugin LatePoint (Calendar Booking Plugin for Appointments and Events). The vulnerability lies in the execute() method of the connect-customer-to-wp-user ability, which incorrectly allows an authenticated latepoint_agent with customer__edit to link any LatePoin...
EUVD-2026-25910
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
PT-2026-35519
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...
EUVD-2026-9269
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...
PT-2026-22706
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...
CVE-2025-10054 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...
CVE-2023-29868
Zammad 5.3.x Fixed in 5.4.0 is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions...