PT-2026-31563

Name of the Vulnerable Software and Affected Versions Vertex Addons for Elementor plugin for WordPress versions up to and including 1.6.4 Description The Vertex Addons for Elementor plugin for WordPress is susceptible to a missing authorization issue. This is caused by insufficient authorization...

PT-2026-31799

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...

CVE-2025-9484

GitLab EE CVE-2025-9484 affects all GitLab EE versions: 16.6 before 18.8.9, 18.8.x before 18.9.5, and 18.10.x before 18.10.3. An authenticated user could have accessed other users’ email addresses via certain GraphQL queries. The issue has a CVSS v3.1 base score of 4.3 (Medium) with Network attac...

CVE-2026-4916 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the cache server. An attacker can gain unauthorized read and write access by sending requests directly to the exposed service. Remediation Upgrade...

CVE-2026-34722

CVE-2026-34722 affects the web-based helpdesk system Zammad . Prior to versions 7.0.1 and 6.5.4 , the endpoint used for ticket creation could accept a related parameter for adding links without proper authorization, exposing an access control issue. The vulnerability is fixed in the patched relea...

CVE-2026-0814 Advanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

EUVD-2026-20424

Missing Authorization vulnerability in mailercloud Mailercloud Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud Integrate webforms and...

EUVD-2026-20430

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through = 2.8...

EUVD-2026-20425

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through = 6.8...

EUVD-2026-20412

Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through = 1.1.0...

EUVD-2026-20354

Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through = 1.10.11...

EUVD-2026-20359

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

EUVD-2026-20355

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through = 3.3.52...

EUVD-2026-20364

Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through = 1.1.1...

EUVD-2026-20373

Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through = 10.0.10...

EUVD-2026-20377

Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...

EUVD-2026-20383

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

EUVD-2026-20391

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...

EUVD-2026-20394

Missing Authorization vulnerability in HBSS Technologies MAIO The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO The new AI GEO / SEO tool: from n/a through = 6.2.8...