70911 matches found

NVD
added 2026/06/17 1:19 p.m., 4 views

CVE-2024-37210

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

CVSS 6.5, EPSS 0.00269
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 6 views

CVE-2024-37496

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

CVSS 4.3, EPSS 0.00208
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 4 views

CVE-2024-33685

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...

CVSS 4.3, EPSS 0.00155
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 6 views

CVE-2024-31435

Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...

CVSS 4.3, EPSS 0.00208
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 10 views

CVE-2024-32949

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

CVSS 8.3, EPSS 0.00293
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 5 views

CVE-2024-33909

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...

CVSS 5.3, EPSS 0.00249
Exploits: 0, References: 1

NVD
added 2026/06/17 1:19 p.m., 6 views

CVE-2024-24709

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...

CVSS 4.3, EPSS 0.00192
Exploits: 0, References: 1

Veracode
added 2026/06/17 1:3 p.m., 9 views

Information Exposure

Gitea is vulnerable to Information Exposure. The vulnerability is due to missing reqRepoReader(unit.TypeCode) authorization checks on the issue_templates, issue_config, and issue_config/validate API endpoints, which allows an attacker to access and retrieve repository issue template and configuration...

AI score 5.2, EPSS 0.00023
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/06/17 12:13 p.m., 21 views

CVE-2024-37496

CVE-2024-37496 concerns the WordPress Metro Magazine theme (

CVSS 4.3, AI score 5.2, EPSS 0.00208
Exploits: 0, References: 1

CVE
added 2026/06/17 12:11 p.m., 13 views

CVE-2024-37210

CVE-2024-37210 concerns WordPress AliExpress Dropshipping with AliNext Lite plugin

CVSS 6.5, AI score 5.2, EPSS 0.00269
Exploits: 0, References: 1

Veracode
added 2026/06/17 11:46 a.m., 12 views

Improper Authorization

code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to the /archive/ endpoint not enforcing OAuth2 download token scope validation checkDownloadTokenScope or CheckRepoScopedToken, which allows an attacker with an OAuth2 token to download repository archives witho...

AI score 5.2, EPSS 0.00024
Exploits: 0, Affected Software: 1

RedhatCVE
added 2026/06/17 11:13 a.m., 9 views

CVE-2026-50559

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

CVSS 7.5, AI score 5, EPSS 0.00294
Exploits: 1, References: 4

NVD
added 2026/06/17 10:54 a.m., 10 views

CVE-2026-46967

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

CVSS 8.8, EPSS 0.00402
Exploits: 0, References: 1

Snyk
added 2026/06/17 10:15 a.m., 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to missing authorization checks in the DataSource API. An attacker can access and retrieve arbitrary data source metadata by sending unauthorized requests to the affected API endpoints. Remediation: Upgrade...

CVSS 9.8, AI score 6, EPSS 0.0039
Exploits: 0, References: 2

Veracode
added 2026/06/17 9:30 a.m., 8 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the request_uri parameter at the authorization endpoint, where a malicious authorization request can include an invalid request_uri and an attacker-controlled redirect_uri, resulting in...

CVSS 6.1, AI score 5.4, EPSS 0.00172
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/17 8:57 a.m., 28 views

CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

EPSS 0.00337
Exploits: 0, References: 1

CVE
added 2026/06/17 8:57 a.m., 19 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

CVSS 9.1, AI score 5.2, EPSS 0.00337
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/06/17 8:56 a.m., 11 views

CVE-2026-42357

CVE-2026-42357 describes an Incorrect Authorization vulnerability in Apache DolphinScheduler. The issue allows users to access workflow instance information for projects they should not access. Affected versions are DolphinScheduler

CVSS 6.5, AI score 5.2, EPSS 0.00312
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/17 8:55 a.m., 27 views

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

EPSS 0.00437
Exploits: 0, References: 1

CVE
added 2026/06/17 8:55 a.m., 12 views

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

CVSS 4.9, AI score 5, EPSS 0.00437
Exploits: 0, References: 2, Affected Software: 1