3148 matches found
CVE-2026-58556
Technical details (affected product/version/root cause/remediation) are not publicly available in the provided documents. Monitor for updates.
AntD Admin - Sensitive Information Disclosure
AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...
DNS Client Tampering Vulnerability
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally...
CVE-2026-57799
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...
EUVD-2026-43292
The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...
CVE-2026-57788 WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through = 1.8...
CVE-2026-57404
CVE-2026-57404 is a Missing Authorization / Broken Access Control vulnerability affecting the WordPress plugin Booking and Rental Manager for WooCommerce (versions up to 2.6.9). The issue arises from incorrectly configured access control security levels in Booking and Rental Manager, allowing una...
CVE-2026-15475
Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...
CVE-2026-41878
R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...
CVE-2026-40009
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...
CVE-2026-21050
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21041
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-15188
A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...
CVE-2025-45422
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...
CVE-2026-48956
An improper access check allows users to display a list of modules in the frontend...
EUVD-2026-42065
An improper access check allows users to display a list of modules in the frontend...
CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...
CVE-2026-34047
CVE-2026-34047 affects Coolify prior to 4.0.0-beta.471. The flaw is in terminal WebSocket bootstrap routes where authorization middleware was not enforced, allowing an authenticated user to access terminal functionality for resources outside the authorized scope and potentially execute commands. ...
EUVD-2026-41765
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from =0.5.1 before 0.7.0...
EUVD-2026-41671
HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...