CVE-2026-4281

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

PT-2026-28201

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listen for tokens methods of the FormLift Infusionsoft Manager class, both of which are...

CVE-2026-34053 OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

CVE-2026-34053 OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

CVE-2026-34053

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

CVE-2026-34053 OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

CVE-2026-33934 OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...

GHSA-8CMM-J6C4-RR8V Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the reports.json.php and getData.json.php endpoints. An attacker can access sensiti...

Important: Red Hat Security Advisory: udisks2 security update

An update for udisks2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

EUVD-2026-15925

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through = 3.2.22...

EUVD-2026-15927

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through = 1.9.15...

EUVD-2026-15893

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable...

EUVD-2026-15917

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through = 1.0.12...

EUVD-2026-15839

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

EUVD-2026-15874

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...

EUVD-2026-15872

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through = 0.7.3...

EUVD-2026-15831

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...