EUVD-2026-38162

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

PT-2026-48985

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Four authorization and information disclosure issues exist within the chat...

GitLab Enterprise Edition（EE） 安全漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions prior to GitLab EE 13.9, as well as versions prior to 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities stemmed from incorrect authorization...

Adobe ColdFusion 安全漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have security vulnerabilities. These vulnerabilitie...

Adobe Dreamweaver Desktop 安全漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect authorization, which may allow arbitrary...

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the user message dashboard widgets. As a result, the message retrieval endpoint would return...

EUVD-2026-33407

Shopper: Authorization bypass and RBAC privilege escalation in team settings...

WordPress plugin EventPrime 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

CVE-2026-47744

CVE-2026-47744 affects Shopper: a Headless e-commerce Admin Panel. Two authorization flaws in Settings/Team enable RBAC takeover prior to version 2.8.0. First, Settings/Team/Index had no mount() authorization, allowing any authenticated panel user to load the page and perform public actions to cr...

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

PT-2026-44944

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...

shopper 授权问题漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...

Oracle Public Sector Financials (International) 安全漏洞

Oracle Public Sector Financials International is a financial management system for the public sector developed by Oracle Corporation. Versions 12.2.6 to 12.2.15 of Oracle Public Sector Financials International have security vulnerabilities. These vulnerabilities stem from issues with the...

WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

Joomla! CMS 授权问题漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has authorization-related vulnerabilities, which stem from insufficient state checks, allowing bypasses of 2FA authentication...

ROS-20260526-73-0016

Vulnerability in the registry related to flaws in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

wordpress plugin Image Photo Gallery Final Tiles Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...