CVE-2025-64215

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

CVE-2026-0977

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

CVE-2020-7293

Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface...

CVE-2025-36093

CVE-2025-36093 affects IBM Cloud Pak for Business Automation 25.0.0, 24.0.1, and 24.0.0. An improper access-control design could allow an attacker to access unauthorized content or perform unauthorized actions via man-in-the-middle techniques. This is supported by multiple connected sources ident...

CVE-2025-49906

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through = 2.9.5.3...

EUVD-2025-16976

Malicious code in bioql PyPI...

EUVD-2025-12727

Malicious code in bioql PyPI...

EUVD-2025-12728

Malicious code in bioql PyPI...

EUVD-2023-59404

Malicious code in bioql PyPI...

EUVD-2023-44942

Malicious code in bioql PyPI...

EUVD-2024-49022

Malicious code in bioql PyPI...

EUVD-2024-16888

Malicious code in bioql PyPI...

WordPress Alone Code Injection Vulnerability

WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls, no details of the vulnerability are provided at this time...

CVE-2025-5428

A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2024-22316

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls...

PT-2025-16553 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical vulnerability was found in the TOTOLINK A3700R, affecting the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access...

PT-2025-15035 · Unknown · Xujiangfei Admintwo

Name of the Vulnerable Software and Affected Versions: xujiangfei admintwo version 1.0 Description: A critical issue affects some unknown functionality of the file /user/updateSet, where the manipulation of the email argument leads to improper access controls. This issue can be exploited remotely...

CVE-2025-2993

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...

CVE-2025-2218

A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The...

EmbedAI 访问控制错误漏洞

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. An access control error vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...