
3928 matches found

RedhatCVE
added 2026/01/09 9:34 a.m. | 4 views

CVE-2024-41720

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...

CVSS 8 | AI score 6.8 | EPSS 0.00179
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:34 a.m. | 3 views

CVE-2024-41139

Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privile...

CVSS 7.8 | AI score 7.4 | EPSS 0.00107
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:31 a.m. | 8 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

CVSS 5.7 | AI score 6.6 | EPSS 0.00107
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:17 a.m. | 6 views

CVE-2025-23407

Incorrect privilege assignment vulnerability in the WEB UI the setting page exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges...

CVSS 4.3 | AI score 7.1 | EPSS 0.00294
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:12 a.m. | 5 views

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...

CVSS 6.5 | AI score 6.8 | EPSS 0.0029
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:10 a.m. | 2 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 | AI score 6.7 | EPSS 0.00169
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:5 a.m. | 3 views

CVE-2024-41970

A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources...

CVSS 5.7 | AI score 7.1 | EPSS 0.00232
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:47 a.m. | 7 views

CVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through = 6.1...

CVSS 9.8 | AI score 5.9 | EPSS 0.00377
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:46 a.m. | 3 views

CVE-2025-31643

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0...

CVSS 8.8 | AI score 5.2 | EPSS 0.00054
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:34 a.m. | 4 views

CVE-2024-41974

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication...

CVSS 7.1 | AI score 7 | EPSS 0.01731
Exploits 0 | References 1

NVD
added 2026/01/08 12:15 a.m. | 3 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 | EPSS 0.00169
Exploits 1 | References 2

CNNVD
added 2026/01/08 12:0 a.m. | 2 views

titra security vulnerability

titra is an open source time tracking project by kromit. A security vulnerability exists in titra 0.99.49 and earlier versions. The vulnerability stems from a bulk assignment vulnerability in the API that allows authenticated users to bypass business logic controls by injecting arbitrary fields...

CVSS 4.3 | AI score 6.6 | EPSS 0.00169
Exploits 1 | References 2

CVE
added 2026/01/07 11:19 p.m. | 11 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

CVSS 4.3 | AI score 6.4 | EPSS 0.00169
Exploits 1 | References 2 | Affected Software 1

OSV
added 2026/01/07 11:19 p.m. | 2 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 | AI score 6.6 | EPSS 0.00169
Exploits 1 | References 4

Vulnrichment
added 2026/01/07 11:19 p.m. | 2 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 | AI score 6.4 | EPSS 0.00169
Exploits 1 | References 2

Cvelist
added 2026/01/07 11:19 p.m. | 27 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 | EPSS 0.00169
Exploits 1 | References 2

NVD
added 2026/01/07 12:17 p.m. | 2 views

CVE-2025-31643

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0...

CVSS 8.8 | EPSS 0.00054
Exploits 0 | References 1

Cvelist
added 2026/01/07 12:5 p.m. | 24 views

CVE-2025-31643 WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0...

CVSS 8.8 | EPSS 0.00054
Exploits 0 | References 1

Vulnrichment
added 2026/01/07 12:5 p.m. | 4 views

CVE-2025-31643 WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0...

CVSS 8.8 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 1

CVE
added 2026/01/07 12:5 p.m. | 10 views

CVE-2025-31643

CVE-2025-31643 affects Dasinfomedia WPCHURCH up to version 2.7.0. The issue is described as an Incorrect Privilege Assignment that enables Privilege Escalation (high severity CVSS 3.1: 8.8; network, low attack complexity, low privileges required, no user interaction). Public exploit details are n...

CVSS 8.8 | AI score 5.2 | EPSS 0.00054
Exploits 0 | References 1