CVE-2026-21621

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

WordPress Infility Global plugin <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass vulnerability

Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass vulnerability discovered by andrea bocchetti in WordPress Plugin Infility Global versions = 2.14.46...

CVE-2025-11587 Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

alf.io Security Vulnerabilities

alf.io is open source ticket reservation system. A security vulnerability exists in alf.io versions prior to 2.0-Mr-2402. An attacker can exploit the vulnerability to view user ID details, especially the API KEY in the username...