21188 matches found
CVE-2026-49190 Missing Per-Instruction Authorization Checks
The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...
CVE-2026-49190
Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the initial document or connected sources. Monitor for updates from official advisories.
CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...
PT-2026-46261
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware function. An attacker can access sensitive cached data by making unauthenticated requests to endpoints that have previously been accessed with an Authorization...
CVE-2026-10616
CVE-2026-10616 affects nextlevelbuilder GoClaw up to 3.11.3. The vulnerability resides in TeamTasksTool.executeComplete (internal/tools/team_tasks_lifecycle.go), where a manipulation can lead to missing authorization. The issue can be exploited remotely and the exploit has been made publicly avai...
CVE-2026-49782
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
CVE-2026-49782
CVE-2026-49782 concerns the WordPress Elementor Website Builder plugin (
CVE-2026-49782
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
EUVD-2026-33933
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
EUVD-2026-33931
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-27351
CVE-2026-27351 affects the WordPress Crew HRM plugin up to version 1.2.2. Root cause: Missing Authorization through incorrectly configured access control. Impact includes Low integrity, Low availability, and No confidentiality impact per CVSS 3.1 (base score 5.4). Attack vector is Network with Lo...
CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-42670
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
EUVD-2026-33908
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...