PT-2026-30821
Vulnerable software and affected versions: MLflow versions prior to 3.10.1. Description: An authorization bypass exists in the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a specific experiment can directly...
WordPress plugin Pie Register – User Registration, Profiles & Content Restriction security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform written in PHP that allows personal blog websites to be created on servers running PHP and MySQL. A WordPress plugin is an application that can be install...
GHSA-26GM-93RW-CCHF Open WebUI has unauthorized deletion of knowledge files
Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...
EUVD-2025-209079
HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which allows an attacker to escalate privileges, potentially compromising the application and stealing or manipulating its data...
CVE-2025-55261
HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which allows an attacker to escalate privileges, potentially compromising the application and stealing or manipulating its data...
PT-2026-28286
Vulnerable software and affected versions: HCL Aftermarket DPC, affected versions not specified. Description: The application suffers from missing functional level access control, potentially allowing an attacker to escalate privileges and compromise the application. This could lead to th...
OpenEMR security vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...
EUVD-2025-209029
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
CVE-2025-36440
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
CVE-2025-36440 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
CVE-2025-36440
CVE-2025-36440 affects IBM Concert versions 1.0.0 through 2.2.0. The vulnerability arises from missing function-level access control, enabling a local user to obtain sensitive information. The NVD entry and CVE records corroborate the vendor-reported impact and scope. The provided metrics indicat...
PT-2026-28116
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
CVE-2026-29189
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they...
Information Disclosure
Glances is vulnerable to Information Disclosure. The vulnerability is due to missing access control and filtering in the /api/4/config endpoint, which returns the full configuration including sensitive data such as passwords, API tokens, and cryptographic keys...
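The Glances entry above describes a configuration endpoint that returns the parsed config wholesale, secrets included, with no access check. The following is an added example (not Glances' own code) of the two fixes a practitioner would apply together: require an authenticated caller, and redact secret-bearing keys before the payload leaves the server. The config dictionary, the user objects and the key-name heuristic are all constructed for this demo; a real deployment would prefer an explicit allowlist of safe fields over the regex denylist shown here.

```python
"""Config endpoint: unauthenticated full dump beside an authenticated, redacted one.

Added example, not code from Glances. The config, users and the sensitive-key
regex are constructed assumptions for the demo.
"""
import re
from copy import deepcopy

# Constructed config in the shape of a parsed INI file: section -> key -> value.
CONFIG = {
    "global": {"refresh": 2, "history_size": 1200},
    "influxdb": {"host": "db.internal", "port": 8086,
                 "user": "glances", "password": "s3cret-db"},
    "cloud": {"api_token": "tok-abc123", "region": "eu-west-1"},
    "tls": {"cert": "/etc/glances/server.crt",
            "private_key": "-----BEGIN PRIVATE KEY-----..."},
}

# Heuristic denylist of key names that usually hold credentials (assumption).
SENSITIVE_KEY = re.compile(
    r"(pass(word)?|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
REDACTED = "***REDACTED***"


class AuthzError(Exception):
    """Raised when the caller is not allowed to see the configuration."""


def config_endpoint_vuln(config, user=None):
    """Vulnerable: no authentication and the whole config is returned as-is."""
    return deepcopy(config)


def redact(value, key=""):
    """Recursively replace values stored under secret-looking keys."""
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, key) for v in value]
    if SENSITIVE_KEY.search(key):
        return REDACTED
    return value


def config_endpoint_fixed(config, user=None):
    """Hardened: reject anonymous callers, then return a redacted copy."""
    if user is None or not user.get("authenticated"):
        raise AuthzError("authentication required")
    return redact(deepcopy(config))


def exposed_secrets(payload, key=""):
    """Audit helper: list plaintext values still sitting under sensitive keys."""
    found = []
    if isinstance(payload, dict):
        for k, v in payload.items():
            found += exposed_secrets(v, k)
    elif isinstance(payload, list):
        for v in payload:
            found += exposed_secrets(v, key)
    elif SENSITIVE_KEY.search(key) and payload != REDACTED:
        found.append(payload)
    return found


if __name__ == "__main__":
    print("vulnerable endpoint leaks:", exposed_secrets(config_endpoint_vuln(CONFIG)))
    print("fixed endpoint leaks:",
          exposed_secrets(config_endpoint_fixed(CONFIG, {"authenticated": True})))
```

Run it to see the vulnerable handler hand out the database password, the API token and the private key to an anonymous caller, while the hardened handler refuses anonymous requests and keeps only non-secret fields such as hosts and ports. Redaction alone is not sufficient: a config endpoint still reveals internal hostnames and integration topology, so the authentication check matters even when no key matches the pattern.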
PT-2026-25185
Missing Authorization vulnerability in raratheme Construction Landing Page (construction-landing-page) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through 1.4.1...
WordPress plugin Social Icons Widget & Block by WPZOOM security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform written in PHP that allows personal blog websites to be created on servers running PHP and MySQL. A WordPress plugin is an application that can be install...
GHSA-RFPP-2HGM-GP5V Indico has a missing access check in the event series management API
Impact: The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata (title, category chain, start/end date) for events in an existing series - Deleting an existing eve...
CVE-2026-27954
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
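Several entries on this page (the Open WebUI knowledge-file deletion, the Live Helper Chat actions that load chats by ID, the MLflow artifact download) share one root cause: the handler authorizes the caller against a parent object or role, then operates on whatever child ID the request names without checking that the child actually belongs to the authorized scope. The following is an added example, not code from any of those projects, showing that pattern beside its fix using the Open WebUI shape (a knowledge base with writers and member files). The data model, users and file IDs are constructed for the demo.

```python
"""Object-level authorization: the vulnerable pattern beside the fix.

Added example, not code from Open WebUI, Live Helper Chat or MLflow. Users,
knowledge bases and file ids are constructed for the demo.
"""
from dataclasses import dataclass, field


class AuthzError(Exception):
    """Raised when a request fails an access-control check."""


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class KnowledgeBase:
    kb_id: str
    writers: set = field(default_factory=set)  # user names with write access
    files: set = field(default_factory=set)    # file ids belonging to this KB


def make_store():
    """Constructed sample data: two knowledge bases owned by different users."""
    files = {"f1": b"alice-notes", "f2": b"bob-confidential"}
    kbs = {
        "kb-alice": KnowledgeBase("kb-alice", writers={"alice"}, files={"f1"}),
        "kb-bob": KnowledgeBase("kb-bob", writers={"bob"}, files={"f2"}),
    }
    return files, kbs


def can_write(user, kb):
    return user.is_admin or user.name in kb.writers


def delete_file_vuln(user, kb_id, file_id, files, kbs):
    """Vulnerable: authorizes the knowledge base, then deletes any file id.

    The only check is write access to kb_id; nothing ties file_id to that KB,
    so a writer on one KB can delete files that belong to another.
    """
    kb = kbs[kb_id]
    if not can_write(user, kb):
        raise AuthzError("no write access to knowledge base")
    del files[file_id]
    kb.files.discard(file_id)


def delete_file_fixed(user, kb_id, file_id, files, kbs):
    """Hardened: resolve the file through the KB it is claimed to belong to."""
    kb = kbs[kb_id]
    if not can_write(user, kb):
        raise AuthzError("no write access to knowledge base")
    if file_id not in kb.files:
        # Same error as an unknown id, so the response does not confirm that
        # the file exists in some other knowledge base.
        raise AuthzError("file not found in this knowledge base")
    del files[file_id]
    kb.files.discard(file_id)


def cross_kb_delete(handler):
    """alice (writer on kb-alice only) names bob's file f2 via kb-alice.

    Returns (request_rejected, file_still_present).
    """
    files, kbs = make_store()
    try:
        handler(User("alice"), "kb-alice", "f2", files, kbs)
        rejected = False
    except AuthzError:
        rejected = True
    return rejected, "f2" in files


def legitimate_delete(handler):
    """alice deletes her own file f1 via kb-alice; returns True on success."""
    files, kbs = make_store()
    handler(User("alice"), "kb-alice", "f1", files, kbs)
    return "f1" not in files and "f1" not in kbs["kb-alice"].files


if __name__ == "__main__":
    for name, handler in (("vulnerable", delete_file_vuln), ("fixed", delete_file_fixed)):
        print(name, "cross-KB delete (rejected, file kept):", cross_kb_delete(handler))
        print(name, "own-file delete succeeded:", legitimate_delete(handler))
```

The check to look for in a code review is the membership test between the child ID and the already-authorized parent (here `file_id in kb.files`; in the Live Helper Chat entry the equivalent is the `hasAccessToRead` call the endpoints skip). Authorizing the parent, the role, or the session alone is not enough whenever the request carries an ID the caller chose.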