4 matches found
YARPP <= 5.30.10 - Missing Authorization
The YARPP Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the /includes/yarppprosetdisplaytypes.php file in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to set displ...
CVE-2026-57952
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...
CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
FreeBSD : nagios -- web interface privilege escalation vulnerability (d4a358d3-e09a-11dd-a765-0030843d3802)
securityfocus reports : An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...