1553 matches found
ipTIME A2004 - Unauthorized Access
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54763 info: name: ipTIME A2004 - Unauthorized Access author: ritikchaddha severity: medium description: | An access control...
PT-2026-57388
Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...
org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled
When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...
ROS-20260605-73-0003
The vulnerability in ImageMagick7 is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...
CVE-2025-71304 smack: /smack/doi: accept previously used values
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
ROS-20260525-73-0001
Vulnerability in python-sqlparse related to insufficient control of a resource while it exists. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-44926
InfoScale CmdServer is affected by CVE-2026-44926 where versions prior to 7.4.2 mishandle access control, potentially enabling unauthenticated network attackers with low privileges and no user interaction to compromise confidentiality, integrity, and availability (CVSS v3.1: 8.8). The condition i...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
EUVD-2026-30278
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...
PT-2026-40930
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...
PT-2026-40142
Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no...
Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...
CVE-2026-39520
Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through = 2.1.18...
CVE-2026-39681 WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...
CVE-2026-39561 WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...