5799 matches found
WordPress Easy Student Results <=2.2.8 - Improper Authorization
WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...
CVE-2026-48321
Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates.
CVE-2026-58540
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally...
CVE-2026-58277
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2026-54121
Improper authorization in Active Directory Certificate Services AD CS allows an authorized attacker to elevate privileges over a network...
CVE-2026-50346
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...
CVE-2026-50344
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...
CVE-2026-15058
Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...
CVE-2026-15058
The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...
CVE-2026-58631
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally...
CVE-2026-58631
CVE-2026-58631 involves Windows Admin Center where improper authorization allows an authorized attacker to execute code locally. The available sources describe a local attack vector with high impact (C:H/I:H/A:H) and a CVSS v3.1 base score of 7.8, indicating remote code execution risk within the ...
Windows OLE Elevation of Privilege Vulnerability
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...
Netlogon RPC Elevation of Privilege Vulnerability
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...
Tenda AC1200 V-W15Ev2 - Authentication Bypass
The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...
QNAP HBS 3 - Broken Access Control
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
ProjectSend <= r1605 - Improper Authorization
An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...
PT-2026-58653
Name of the Vulnerable Software and Affected Versions Windows Installer affected versions not specified Description Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally, which can lead to an elevation-of-privilege impact on the system...
PT-2026-58639
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper authorization allows an authorized attacker to elevate privileges over a network, enabling them to affect the system. Recommendations At the moment, there is no...
CVE-2026-62188
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...
CVE-2026-15594
A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from...