CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

EUVD-2019-6100

Malware in sbrugna...

EUVD-2021-11551

Malware in sbrugna...

EUVD-2021-12002

Malware in sbrugna...

EUVD-2018-7389

Malware in sbrugna...

EUVD-2021-11900

Malware in sbrugna...

EUVD-2023-57944

Malicious code in bioql PyPI...

EUVD-2023-12596

Malicious code in bioql PyPI...

CVE-2025-41246 Improper authorisation vulnerability

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...

CVE-2025-41246

CVE-2025-41246 affects VMware Tools for Windows. The issue is an improper authorization in how user access controls are handled. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated via vCenter or ESX, may exploit this vulnerability to access other gues...

CVE-2025-29757

An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...

CVE-2025-6710

CVE-2025-6710 affects MongoDB Server via a stack overflow caused by the JSON parsing recursion. Impact: pre-auth crash for MongoDB 7.0.x < 7.0.17 and 8.0.x < 8.0.5; after-auth DoS for 6.0.x

CVE-2023-27485

thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresult...

CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

CVE-2022-2657

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...

CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook...

CVE-2021-24994

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue...

CVE-2021-25090

The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows...

CVE-2025-40619

Bookgy suffers an improper access control vulnerability that could permit unauthenticated users to reach private or role-specific areas. The issue is described as insufficient authorization across multiple areas of the application, with a high impact on confidentiality (and a high impact on integ...