CVE-2026-4309

CVE-2026-4309 concerns NEC Platforms, Ltd. Aterm Series devices with a Missing Authorization vulnerability. The available documents state that an attacker can retrieve specific device information and alter settings over the network. The CVSS metrics indicate a Network attack vector, high attack c...

CVE-2026-4309

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network...

CVE-2026-4309

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network...

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Deletion via 'b2sresetsocialmetatags' AJAX Action vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.2...

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

PT-2026-28643

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description A missing authorization issue exists in NEC Platforms, Ltd. Aterm Series. This allows an attacker to obtain specific device information and modify settings through a...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of the operator.admin scope in mutating internal ACP chat commands. An attacker can perform unauthorized mutating control-plane actions by...

GO-2026-4847 Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the revision controllers. An attacker can access entry revisions and view sensitive field values and blueprint data by bypassing authorization checks with authenticated Control Panel access. Users may also creat...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the agent process when the /reset or /new endpoints are accessed with only operator.write permissions. An attacker can gain unauthorized administrative access by...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the list.json.php endpoints of the Scheduler plugin, which lack authentication checks. An attacker can access sensitive information such a...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the playlistsVideos.json.php endpoint, which processes the playlistsid parameter without verifying ownership or visibility. An attacker c...

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the assets/preview-file. An attacker can access unauthorized preview metadata by sending crafted requests with a controlled assetId parameter, allowing retrieval of...

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

CVE-2026-25437

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through = 2.0.14...

CVE-2026-25365

Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through 0.2.4...

CVE-2025-69358

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.6.0...

CVE-2026-25455

Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through = 1.13.61...

CVE-2026-25396

Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...

CVE-2026-25390

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through = 3.2.3...