21386 matches found
CVE-2026-2899
CVE-2026-2899 affects the Fluent Forms Pro Add On Pack for WordPress up to version 6.1.17. The root cause is Missing Authorization in the Uploader::deleteFile() path, due to lack of nonce verification and capability checks. The AJAX action is registered via addPublicAjaxAction(), creating both wp...
CVE-2026-3266
Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...
PT-2026-23244
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1...
PT-2026-23462
Name of the Vulnerable Software and Affected Versions: RustDesk Client versions through 1.4.5. Description: A missing authorization issue exists in the RustDesk Client on Windows, macOS, Linux, iOS, and Android. The issue allows manipulation of Application API Messages via a Man-in-the-Middle attack...
PT-2026-23261
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DesignThemes Booking Manager: from n/a through <= 2.0...
CVE-2026-26418
Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...
PT-2026-23217
Name of the Vulnerable Software and Affected Versions: Themeum Tutor LMS versions through 3.9.5. Description: A missing authorization flaw exists in Themeum Tutor LMS, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access. Recommendation...
PT-2026-23264
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through <= 2.5.6...
PT-2026-23260
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DesignThemes Directory Addon: from n/a through <= 1.8...
PT-2026-23465
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...
PT-2026-23211
Name of the Vulnerable Software and Affected Versions: ThemeRuby Easy Post Submission versions through 2.2.0. Description: The software contains a missing authorization flaw, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access...
PT-2026-23146
Name of the Vulnerable Software and Affected Versions: BuddhaThemes WeDesignTech Ultimate Booking Addon versions through 1.0.3. Description: An authorization issue exists in the WeDesignTech Ultimate Booking Addon, allowing exploitation due to incorrectly configured access control security levels...
PT-2026-23379
Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Site Suggest: from n/a through <= 1.3.9...
PT-2026-23245
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6...
PT-2026-23200
Name of the Vulnerable Software and Affected Versions: WordPress CTA easy-sticky-sidebar versions through 1.7.4. Description: The software contains a missing authorization flaw that allows exploitation due to incorrectly configured access control security levels. Recommendations: Update WordPress CTA...
PT-2026-23478
Name of the Vulnerable Software and Affected Versions: Tata Consultancy Services Cognix Recon Client version 3.0. Description: A lack of proper authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 enables remote attackers to access application...
CVE-2026-26418
The CVE-2026-26418 entry affects Tata Consultancy Services Cognix Recon Client v3.0. The vulnerability is a missing authentication and authorization flaw in the web API, enabling remote attackers to access application functionality over the network without restriction. According to the provided m...
PT-2026-23237
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects inseri core: from n/a through <= 1.0.5...