5804 matches found
QNAP HBS 3 - Broken Access Control
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
WordPress Easy Student Results <=2.2.8 - Improper Authorization
WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...
Jira - Incorrect Authorization
Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. id: CVE-2019-3403...
Tenda AC1200 V-W15Ev2 - Authentication Bypass
The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...
Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. id: CVE-2023-2227 info: name: Modoboa 2.1.0 - Improper Authorization author: ritikchaddha,princechaddha severity: critical description: | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. impact:...
Improper Authorization
n8n-mcp is vulnerable to Improper Authorization. The vulnerability is due to insufficient tenant isolation of locally stored workflow version history, which allows an authenticated tenant to read or delete workflow backups belonging to other tenants, exposing sensitive configuration data and...
CVE-2026-48321
Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates.
CVE-2026-58540
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally...
CVE-2026-58277
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2026-54121
Improper authorization in Active Directory Certificate Services AD CS allows an authorized attacker to elevate privileges over a network...
CVE-2026-50344
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...
CVE-2026-50346
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...
CVE-2026-15058
The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...
CVE-2026-15058
Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...
CVE-2026-58631
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally...
CVE-2026-58631
CVE-2026-58631 involves Windows Admin Center where improper authorization allows an authorized attacker to execute code locally. The available sources describe a local attack vector with high impact (C:H/I:H/A:H) and a CVSS v3.1 base score of 7.8, indicating remote code execution risk within the ...
Netlogon RPC Elevation of Privilege Vulnerability
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...
Windows OLE Elevation of Privilege Vulnerability
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...
Windows Admin Center (WAC) Remote Code Execution Vulnerability
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally...
Microsoft SharePoint Elevation of Privilege Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...