12650 matches found
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...
CVE-2026-57813
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through = 1.2.77.3...
CVE-2026-57378
Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through = 1.9.3.7...
CVE-2026-61952
Summary: CVE-2026-61952 affects the WordPress WooCommerce plugin “WooCommerce Bulk Edit Products – WP Sheet Editor” (versions up to and including 1.8.21). The issue is a broken access control due to missing authorization, enabling exploitation through insecure access control configurations. Affec...
CVE-2026-57729 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through = 3.20.5...
CVE-2026-57386 WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...
H3C ER8300G2-X - Password Disclosure
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. id: CVE-2024-32238 info: name: H3C ER8300G2-X - Password Disclosure author: s4e-io,adeljck severity: critical description: | H3...
CVE-2026-51538
EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...
CVE-2026-51538
EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...
EUVD-2026-43061
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
EUVD-2026-43062
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
EUVD-2026-43056
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
CVE-2026-13232
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
CVE-2026-13238
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13237
CVE-2026-13237 affects Drupal AI Agents (versions 0.0.0–1.1.4, 1.2.0–1.2.5, 1.3.0–1.3.1). Root cause: Incorrect Authorization allowing Forceful Browsing, potentially enabling information disclosure and minor integrity concerns. The issue is documented across multiple sources (Drual SA-CONTRIB-202...
CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
Incorrect Authorization
Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...
CVE-2026-21051
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...