CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

CVE-2026-8495

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

CVE-2025-52766

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2025-66105

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...

CVE-2025-53346

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

CVE-2022-41656

Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...

CVE-2026-25444

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

CVE-2026-25436

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

CVE-2026-25431

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVE-2026-34899

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...

CVE-2026-34903

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...

CVE-2026-34261

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVE-2026-3477

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...