CVE-2026-24586

The CVE-2026-24586 entry concerns the WordPress Newses theme (versions affected up to 2.0.0.77). Affected component: Themeansar Newses theme; vulnerability type: Broken Access Control due to missing authorization. Impact is described as allowing improper access because access control security lev...

CVE-2026-24546

The CVE covers WordPress GamiPress plugin versions up to 7.6.3 with a Missing Authorization vulnerability, arising from incorrectly configured access control levels. According to the connected data, the issue affects the GamiPress component (WordPress plugin) and is classified as a network-exploi...

WordPress plugin NanoCare 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin GamiPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Newses 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43153

Name of the Vulnerable Software and Affected Versions NanoCare versions prior to 1.2.2 Description A missing authorization issue in Linethemes NanoCare allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. Recommendations Update ...

PT-2026-43104

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

PT-2026-43141

Name of the Vulnerable Software and Affected Versions WP Chill RSVP and Event Management versions prior to 2.7.17 Description A missing authorization issue exists due to incorrectly configured access control security levels, which allows for broken access control. Recommendations Update to a...

PT-2026-43145

Name of the Vulnerable Software and Affected Versions MyCryptoCheckout versions prior to 2.162 Description A missing authorization issue in the MyCryptoCheckout plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control...

PT-2026-43133

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

PT-2026-43134

Name of the Vulnerable Software and Affected Versions Newses versions prior to 2.0.0.78 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 2.0.0.77...

CVE-2026-39593

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

CVE-2026-27405

CVE-2026-27405 concerns the WordPress plugin WpBookingly (Magepeople Inc.) up to version 1.2.9, where a Missing Authorization vulnerability enables broken access control. The issue affects WpBookingly 1.2.9 and earlier, with CVSS v3.1 base score 6.5 (Medium) and an attack vector over network. The...

PT-2026-42151

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-45442

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

EUVD-2026-30885

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

Improper Network Access Control

github.com/ctfer-io/fullchain is vulnerable to improper network access control. The vulnerability is due to a misconfigured inter-namespace NetworkPolicy, which allows a malicious actor to pivot from a compromised application to Pods outside the original namespace...

EUVD-2025-209858

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

CVE-2025-15023

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...