
21323 matches found

Positive Technologies
added 2026/04/10 12:0 a.m. | 5 views

PT-2026-32037

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/10 12:0 a.m. | 7 views

FreeBSD : Gitlab -- vulnerabilities (099d4998-33cc-11f1-a7d1-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 099d4998-33cc-11f1-a7d1-2cf05da270f3 advisory. Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of...

CVSS 8.5 | AI score 7.3 | EPSS 0.00577
Exploits: 0 | References: 14

Patchstack
added 2026/04/09 9:44 p.m. | 3 views

WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability

Missing Authorization to Authenticated Subscriber+ Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions <= 2.0.9...

CVSS 4.3 | AI score 5.9 | EPSS 0.00303
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/09 9:37 p.m. | 15 views

CVE-2026-33785 Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, ca...

CVSS 8.8 | EPSS 0.00138
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/09 9:37 p.m. | 4 views

CVE-2026-33785 Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, ca...

CVSS 8.8 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 1

CVE
added 2026/04/09 9:37 p.m. | 18 views

CVE-2026-33785

Junos OS on MX Series suffers a Missing Authorization vulnerability in the CLI that allows a local, authenticated user with low privileges to run specific 'request csds' commands. The commands are intended for high-privilege Juniper Device Manager (JDM) / CSDS roles and can impact all devices m...

CVSS 8.8 | AI score 6 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/09 9:34 p.m. | 15 views

CVE-2026-33776 Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...

CVSS 6.8 | EPSS 0.00092
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 4 views

CVE-2026-39659

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through <= 2.11.3...

AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 18 views

CVE-2026-39652

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iGMS Direct Booking: from n/a through <= 1.3...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 1 view

CVE-2026-39644

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wp Ultimate Review: from n/a through <= 2.3.8...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 2 views

CVE-2026-39657

Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects leadlovers forms: from n/a through <= 1.0.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 2 views

CVE-2026-39648

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Blog: from n/a through <= 2.1.7...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 2 views

CVE-2026-39639

Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RPS Include Content: from n/a through <= 1.2.2...

CVSS 6.5 | AI score 5.9 | EPSS 0.00233
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 1 view

CVE-2026-39637

Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mogi: from n/a through <= 1.2.3...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 2 views

CVE-2026-39664

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadrebel: from n/a through <= 1.0.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 3 views

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/09 7:23 p.m. | 1 view

CVE-2026-39650

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UnitechPay: from n/a through <= 1.0.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00207
Exploits: 0 | References: 1

Cvelist
added 2026/04/09 7:0 p.m. | 17 views

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

CVSS 8.7 | EPSS 0.0024
Exploits: 0 | References: 1

CVE
added 2026/04/09 7:0 p.m. | 7 views

CVE-2026-35063

CVE-2026-35063 concerns OpenPLC_V3 REST API: an endpoint checks for JWT but does not verify the caller’s role. This allows any authenticated user with role=user to delete other users (including admins) by specifying a user_id, or to create new accounts with role=admin, effectively escalating to f...

CVSS 8.8 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/09 7:0 p.m. | 1 view

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

CVSS 8.7 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1