134 matches found
EUVD-2026-33407
Shopper: Authorization bypass and RBAC privilege escalation in team settings...
Project Management Authorization Vulnerabilities
Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-47744
CVE-2026-47744 affects Shopper: a Headless e-commerce Admin Panel. Two authorization flaws in Settings/Team enable RBAC takeover prior to version 2.8.0. First, Settings/Team/Index had no mount() authorization, allowing any authenticated panel user to load the page and perform public actions to cr...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
shopper 授权问题漏洞
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...
PT-2026-44944
Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...
Oracle Public Sector Financials (International) 安全漏洞
Oracle Public Sector Financials International is a financial management system for the public sector developed by Oracle Corporation. Versions 12.2.6 to 12.2.15 of Oracle Public Sector Financials International have security vulnerabilities. These vulnerabilities stem from issues with the...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...
WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Joomla! CMS 授权问题漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has authorization-related vulnerabilities, which stem from insufficient state checks, allowing bypasses of 2FA authentication...
ROS-20260526-73-0016
Vulnerability in the registry related to flaws in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
wordpress plugin Image Photo Gallery Final Tiles Grid 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...
Microsoft Azure Resource Manager和Microsoft Azure Local 授权问题漏洞
Microsoft Azure Resource Manager and Microsoft Azure Local are both products of Microsoft Corporation in the United States. Microsoft Azure Resource Manager is a service for deploying and managing resources. Microsoft Azure Local is a hybrid cloud infrastructure platform. There are authorization...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.9.7, 18.10....
Gerrit 安全漏洞
Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...
ERPNext 安全漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.102.0 and 16.11.0 of ERPNext contained security vulnerabilities. These vulnerabilities stemmed from certain endpoints failing to perform appropriate authorization...
Vulnerabilities found in various SAP products
SAP has identified vulnerabilities in the following SAP products: SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server for ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scoreca...
PocketBase 授权问题漏洞
PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...
Dell Automation Platform 安全漏洞
Dell Automation Platform is an automation and resource orchestration platform for enterprise IT environments developed by the American company Dell. Versions of Dell Automation Platform prior to 2.0.0.0 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization...