CVE-2026-22182

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVE-2026-2637

iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0...

CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

CVE-2023-40309

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionalit...

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

Maddy Mail Server 安全漏洞

Maddy Mail Server is a composable all-in-one mail server from the Russian individual developer Max Mazurov. A security vulnerability exists in maddy Mail Server versions prior to 0.5.4, which stems from not implementing password expiration or account expiration checks when using PAM for...