3116 matches found
CVE-2026-27393
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...
CVE-2026-48971
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
CVE-2026-45399
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-42753
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-46823
Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...
CollegeManagementSystem 授权问题漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these vulnerabilities stem from improper handling of the UserAuthData parameter in the...
CollegeManagementSystem 授权问题漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...
Linqi 安全漏洞
Linqi is an English speaking practice platform developed by the German company Linqi. The platform combines human language interaction with AI feedback. Linqi has a security vulnerability, which stems from the lack of authorized checks. As a result, any authenticated user can read and write...
SourceCodester Ship Ferry Ticket Reservation System 授权问题漏洞
The SourceCodester Ship Ferry Ticket Reservation System is an open-source booking system developed by SourceCodester. Version 1.0 of the SourceCodester Ship Ferry Ticket Reservation System has a vulnerability related to authorization issues. This vulnerability arises from improper handling of the...
Iris 授权问题漏洞
Iris is an open-source fast, simple, yet fully functional and highly efficient Go network framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 had an authorization issue vulnerability. This vulnerability stemmed from the GraphQL endpoints not enforcing authorization checks, which...
CVE-2025-14774
Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14774
ABB T-MAC Plus 4.0-24 is affected by an Incorrect Authorization vulnerability. The CVSS metrics indicate adjacent access with low attack complexity and no user interaction, but no exploitable details or patch information are provided in the documents. Impact is reported as HIGH for integrity and ...
Student-Management-System 授权问题漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability related to authorization in Student-Management-System, which stems from unknown functions of the Administrative Backend component in the admin/config.php file. This...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-42669
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
PT-2026-45734
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
WordPress plugin Crew HRM 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Hermes Agent 授权问题漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained an authorization vulnerability. This vulnerability stemmed from issues with the syncanthropicentryfromcredentialsfile function in the Credential...
Student-Management-System 授权问题漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the student-management-system’s authorization mechanism; this vulnerability stems from improper authentication of unknown functions, which may lead to remote attac...
WordPress JTL-Connector for WooCommerce plugin <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by Muhan Luo - Security Innovation in WordPress Plugin JTL-Connector for WooCommerce versions = 2.4.1...