EUVD-2022-56005

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

CVE-2022-42479

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

CVE-2026-4764 Privilege Escalation in Dialogflow CX via Playbook Import

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

CVE-2026-4764

The CVE reports a Missing Authorization in Dialogflow CX’s playbook import on Google Cloud Platform. An authenticated user with specific roles can escalate privileges via a malicious playbook import, potentially taking over a GCP project. The issue affects Dialogflow CX playbook import functional...

EUVD-2026-36221

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

EUVD-2022-56003

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

CVE-2026-26237

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

PT-2026-48633

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

PT-2026-48642

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

PT-2026-48639

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

PT-2026-48647

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the create and store functions in ApiEntityListQuickCreationCommandController.php. A user can create or submit new records on the Quick Creation Command endpoint for any entity with Quick Creation Command...

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...