34 matches found
EUVD-2026-20359
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...
CVE-2025-69013
Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratum: from n/a through = 1.6.1...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2521)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
CVE-2025-63056
CVE-2025-63056 corresponds to a Missing Authorization flaw in the WordPress plugin Contact Form by BestWebSoft (versions up to and including 4.3.5). The issue is a bypass of access controls in the plugin’s configuration, enabling unauthorized access as described in the CVE entry. Public sources i...
EUVD-2018-8942
Malware in sbrugna...
EUVD-2025-3235
Malicious code in bioql PyPI...
EUVD-2025-14734
Malicious code in bioql PyPI...
EUVD-2023-46348
Malicious code in bioql PyPI...
EUVD-2023-43725
Malicious code in bioql PyPI...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
CVE-2025-3648
The CVE-2025-3648 entry concerns the Now Platform, where data could be inferred without authorization under certain conditional ACL configurations. The vulnerability allows unauthenticated and authenticated users to use range query requests to infer instance data not meant to be accessible. Techn...
CVE-2025-7076
CVE-2025-7076 affects BlackVue Dashcam 590X up to 20250624. The root cause is an improper access control in the file /upload.cgi of the Configuration Handler, exploitable from the local network. Multiple sources indicate the vulnerability is critical with potential impact on confidentiality, inte...
CVE-2025-5743
The CVE-2025-5743 entry concerns Schneider Electric EVLink WallBox (home charging station) with an OS command injection flaw (CWE-78). The vulnerability arises from improper neutralization of OS command elements, enabling remote control of the charging station when an authenticated user changes c...
PT-2025-24105 · Solaplugins · Sola Support Ticket
Name of the Vulnerable Software and Affected Versions: Sola Support Ticket versions 3.17 and earlier Description: The issue is related to a Missing Authorization vulnerability in SolaPlugins Sola Support Ticket, which allows exploiting incorrectly configured access control security levels...
PT-2025-24189
Name of the Vulnerable Software and Affected Versions: ThemeHunk versions 1.1.1 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For ThemeHunk versions 1.1.1 and earlier, update to...
CVE-2023-48775
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cleanfix: from n/a through 5.6.2...
PT-2025-15198 · Qualcomm · Snapdragon +60
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A cryptographic issue may arise due to the access control configuration allowing Linux to read key registers in TCSR. Recommendations: At the moment, there is no information about a newer...
CVE-2025-26750
Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through = 3.1.3...
CVE-2023-49818 WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
CVE-2023-21411
User provided input is not sanitized in the “Settings Access Control” configuration interface allowing for arbitrary code execution...