CVE-2020-26818

SAP NetWeaver AS ABAP Web Dynpro, versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization,...

CVE-2025-48009

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

CVE-2025-48116 WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4...

Hitachi Ops Center Analyzer 安全漏洞

Hitachi Ops Center Analyzer is a data center management software from Hitachi, Ltd Hitachi, Japan. It monitors, reports, and correlates end-to-end performance from servers to storage. A security vulnerability exists in Hitachi Ops Center Analyzer versions prior to 10.0.0-00 through 11.0.4-00, whi...

WordPress plugin Music Player for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-1495

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

CVE-2025-3963

A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing authorization. The attack may be initiate...

WordPress plugin Doppler Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Add Product Frontend for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

The vulnerability of the monitoring and control application for SAP Just In Time lies in the lack of authorization, which allows a perpetrator to compromise the integrity of the protected information.

The vulnerability of the monitoring and control application for SAP Just In Time is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to remotely influence the integrity of the protected information...

CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through = 3.0.4...

WordPress School Management System for Wordpress plugin <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin School Management versions = 93.0.0...

PiHome 安全漏洞

PiHome is a home automation system from the individual developers of PiHomeHVAC. A security vulnerability exists in PiHome version 2.0 that stems from /useraccounts.php?uid contains a missing authorization vulnerability...

WordPress WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon versions = 1.6...

SAP NetWeaver Server ABAP 安全漏洞

SAP NetWeaver Server ABAP is an application server from SAP, a German company. A security vulnerability exists in SAP NetWeaver Server ABAP that stems from a lack of authorization checking and could lead to an unauthenticated attacker accessing otherwise inaccessible data...

PT-2025-5276 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.3 Description: This issue was addressed through improved state management. A malicious app may be able to access arbitrary files. The problem is related to a lack of authorization, which could allow an attacker to...

CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UU...

WordPress Evergreen Content Poster plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Evergreen Content Poster versions = 1.4.4...

WordPress plugin Copy Move Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress plugin Button Block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...