21328 matches found
PT-2026-31171
CVE-2026-39606 Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biz… https://t.co/TGgxdmzsNS...
PT-2026-31174
Name of the Vulnerable Software and Affected Versions Wava Payment versions through 0.3.7 Description A missing authorization flaw exists in Wava Payment, potentially allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Wava Payment to a versi...
Juniper Junos OS Vulnerability (JSA107866)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107866 advisory. - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information...
Juniper Junos OS Vulnerability (JSA107872)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107872 advisory. - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific...
PT-2026-31093
Name of the Vulnerable Software and Affected Versions PZ Frontend Manager plugin for WordPress versions up to and including 1.0.6 Description The PZ Frontend Manager plugin for WordPress is susceptible to a missing authorization issue. The pzfm user request action callback function, accessible...
PT-2026-31256
Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments versions through 1.6.10.2 Description Missing authorization exists in NSquared Simply Schedule Appointments due to incorrectly configured access control security levels. Recommendations Update Simply Schedule...
CVE-2026-2263
Vulnerability: Hustle – Email Marketing, Lead Generation, Optins, Popups for WordPress suffers missing capability check on the AJAX action hustle_module_converted, allowing unauthenticated modification of conversion-tracking data in all versions up to 7.8.10.2. Impact: attackers can forge convers...
CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...
WordPress Backup Migration plugin <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability
Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Backup Migration versions = 2.0.0...
WordPress MainWP Child Reports plugin <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API vulnerability
Missing Authorization to Authenticated Subscriber+ Information Disclosure via Heartbeat API vulnerability discovered by Hunter Jensen skid in WordPress Plugin MainWP Child Reports versions = 2.2.6...
CVE-2026-35182
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
Missing Authorization
Overview @delmaredigital/payload-puck is a Puck visual page builder plugin for Payload CMS Affected versions of this package are vulnerable to Missing Authorization via the createPuckPlugin function. An attacker can gain unauthorized access to sensitive data and perform unauthorized modifications...
CVE-2026-39348
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...
CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration
RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...
CVE-2026-39360
RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...
CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...
Missing Authorization
Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authorization via the task polling. An attacker can access sensitive metadata belonging to other users by sending unauthenticated requests to the /api/v1/tasks and...
GHSA-H336-2WXM-PR6Q OpenViking contains a missing authorization vulnerability in the task polling endpoints
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...
OpenViking contains a missing authorization vulnerability in the task polling endpoints
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...