EUVD-2026-32107

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

EUVD-2026-32101

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

EUVD-2026-29881

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

WordPress plugin Listeo Core 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...

SUSE CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

CVE-2025-69727

CVE-2025-69727 affects INDEX-EDUCATION PRONOTE

EUVD-2026-10448

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

CVE-2026-24313

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may lead to the reading,...

SAP S/4HANA HCM Portugal和SAP ERP HCM Portugal 安全漏洞

SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal are both human capital management modules developed by the German company SAP. Both systems have security vulnerabilities; these vulnerabilities stem from the lack of authorization checks, which may allow users with high privileges to access...

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

CVE-2025-58402

CVE-2025-58402 affects the CGM CLININET application, where direct, sequential MessageID parameters enable unauthorized access to messages and attachments across users due to missing authorization checks. The issue is an Insecure Direct Object Reference (IDOR) that allows modification of GET param...

GFI Archiver 安全漏洞

GFI Archiver is an email archiving software developed by GFI Corporation. It is used to protect, store, and retrieve your electronic communications. GFI Archiver has a security vulnerability that stems from a lack of authorization checks in the configuration of the Marc.Store.Remoting.exe process...

CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. Versions of Wings prior to 1.12.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in multiple controllers, which could allow node token holders to access information about any serv...

PT-2026-20281

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...