5 matches found
CVE-2026-4029
The Database Backup for WordPress plugin (WordPress) is affected by unauthorized database export in all versions up to 2.5.2 due to improper enforcement of the authorization check return value. This enables unauthenticated attackers to export database tables, causing Sensitive Information Exposur...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
Debian DSA-4623-1 : postgresql-11 - security update
Tom Lane discovered that 'ALTER ... DEPENDS ON EXTENSION' sub commands in the PostgreSQL database did not perform authorisation checks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4623. The text itself is...
CVE-2017-2673
The CVE-2017-2673 entry concerns an authorization-check flaw in OpenStack Keystone federation configurations. An authenticated federated user could request permissions to a project and be unintentionally granted all related roles, including administrative roles, due to inadequate authorization ch...
MGASA-2015-0421 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to add an infinite number of chunks for a single file upload (CVE-2015-8001). ...