267 matches found
SUSE CVE-2026-55276
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
PT-2026-53743
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An always-incorrect control flow...
CVE-2026-10835 SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-2461
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
EUVD-2019-6100
Malware in sbrugna...
EUVD-2021-11551
Malware in sbrugna...
EUVD-2021-12002
Malware in sbrugna...
EUVD-2021-11900
Malware in sbrugna...
EUVD-2018-7389
Malware in sbrugna...
EUVD-2023-12596
Malicious code in bioql PyPI...
EUVD-2023-57944
Malicious code in bioql PyPI...
CVE-2025-41246 Improper authorisation vulnerability
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...
CVE-2025-41246
CVE-2025-41246 affects VMware Tools for Windows. The issue is an improper authorization in how user access controls are handled. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated via vCenter or ESX, may exploit this vulnerability to access other gues...
CVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...
CVE-2025-6710
CVE-2025-6710 affects MongoDB Server via a stack overflow caused by the JSON parsing recursion. Impact: pre-auth crash for MongoDB 7.0.x < 7.0.17 and 8.0.x < 8.0.5; after-auth DoS for 6.0.x
CVE-2023-27485
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresult...
CVE-2022-1020
The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...
CVE-2022-2657
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...
CVE-2022-0423
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook...