CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14774

ABB T-MAC Plus 4.0-24 is affected by an Incorrect Authorization vulnerability. The CVSS metrics indicate adjacent access with low attack complexity and no user interaction, but no exploitable details or patch information are provided in the documents. Impact is reported as HIGH for integrity and ...

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

CVE-2026-42669

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

PT-2026-45734

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

WordPress JTL-Connector for WooCommerce plugin <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by Muhan Luo - Security Innovation in WordPress Plugin JTL-Connector for WooCommerce versions = 2.4.1...

CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

NextCloud Android app authorization issue vulnerability

The Nextcloud Android app is a mobile application developed by the German company Nextcloud, designed for accessing Nextcloud servers on the Android platform. In versions 33.0.0 to 33.1.0 of the Nextcloud Android app, there was an authorization vulnerability. This vulnerability occurred when...

SourceCodester Water Billing Management System Authorization Vulnerability

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System has a vulnerability related to authorization issues. This vulnerability stems from a problem with the...

NextCloud user_oidc: Authorization issue vulnerability

Nextcloud useroidc is an application developed by the German company Nextcloud. There were authorization issues in versions of Nextcloud useroidc between 0.3.0 and 3.1.0, as well as between 5.0.0 and 5.1.0, and between 6.0.0 and 6.4.0. This issue stemmed from a lack of User OIDC signature...

Dolibarr ERP CRM Authorization Issues and Vulnerabilities

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.1 and earlier had an authorization issue. This vulnerability stems from an improper authorization in the CheckUserAccessToObject function within the Leave Request RES...

NextCloud Server Authorization Issues Vulnerability

NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility that the session cookie, which...

Student-Management-System Authorization Vulnerabilities

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the Student-Management-System’s authorization mechanism; this issue stems from incorrect handling of the parameter “sid” in the file admin/deleteform.php, which ma...

PT-2026-45464

Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0...

9Router Authorization Vulnerability

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

PackageKit authorization issue vulnerability

PackageKit is an open-source system for installing and updating software. Versions of PackageKit 1.3.5 and earlier have a licensing issue vulnerability. This vulnerability stems from incorrect handling of the parameter ‘frontend-socket’ in the function gfiletest within the API component file...

WordPress plugin GeoDirectory has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

DaybydayCRM authorization issue vulnerability

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM 2.2.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper authorization in the view function within the...

NextCloud Authorization Issues Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud prior to 2.7.2 contained an authorization vulnerability. This vulnerability stemmed from permission escalation, which could...

NextCloud Temporary Files Lock Authorization Vulnerability

NextCloud Temporary Files Lock is an open-source tool developed by NextCloud for locking temporary files, preventing others from editing them. In versions 32.0.0 to 32.0.2 and 33.0.0 to 33.0.1 of NextCloud Temporary Files Lock, there were authorization-related vulnerabilities. These vulnerabiliti...