
21387 matches found

Snyk
added 2026/02/26 7:45 p.m. | 4 views

Missing Authorization

Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Missing Authorization in the AddonViewSet API, which allows unauthorized users to access add-on configuration data. An attacker can obtain...

CVSS 5.3 | AI score 5.9 | EPSS 0.00303
Exploits: 0 | References: 2

Snyk
added 2026/02/26 6:18 a.m. | 1 view

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the Pub/Sub endpoint. An attacker can cause unauthorized removal of Android devices from management by sending crafted unauthenticated requests. Remediation: Upgrade...

CVSS 6.9 | AI score 6 | EPSS 0.00262
Exploits: 0 | References: 2

Snyk
added 2026/02/26 3:13 a.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the UpdateHumanUser API. An attacker can bypass proper verification of email or phone by directly setting the verification flag without completing the intended verification process. This may allow unauthorized...

CVSS 8.2 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/25 10:16 p.m. | 7 views

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 8.8 | AI score 5.5 | EPSS 0.00396
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/25 7:33 p.m. | 2 views

CVE-2025-14103 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...

CVSS 4.3 | AI score 5.4 | EPSS 0.0019
Exploits: 0 | References: 3

Snyk
added 2026/02/25 6:59 p.m. | 4 views

Missing Authorization

Overview: parse-dashboard is the Parse Dashboard for Parse Server. Affected versions of this package are vulnerable to Missing Authorization via the agent endpoint. An attacker can gain unauthorized access to other applications' agent endpoints and escalate privileges by modifying the app ID in t...

CVSS 9.6 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 2

Cvelist
added 2026/02/25 6:43 p.m. | 17 views

CVE-2026-25927 OpenEMR Missing Authorization Checks in DICOM Viewer State API

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (docid) without verifying that the document belongs to the current user’s authorized patie...

CVSS 7.1 | EPSS 0.00204
Exploits: 1 | References: 1

EUVD
added 2026/02/25 3:31 p.m. | 4 views

EUVD-2026-8653

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | AI score 5.3 | EPSS 0.00158
Exploits: 0 | References: 2

NVD
added 2026/02/25 2:16 p.m. | 8 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | EPSS 0.00158
Exploits: 0 | References: 1

OSV
added 2026/02/25 2:16 p.m. | 8 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | AI score 5.8 | EPSS 0.00158
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/25 12:57 p.m. | 2 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | AI score 5.9 | EPSS 0.00158
Exploits: 0 | References: 2

Cvelist
added 2026/02/25 12:57 p.m. | 21 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | EPSS 0.00158
Exploits: 0 | References: 1

CVE
added 2026/02/25 12:57 p.m. | 9 views

CVE-2026-28195

CVE-2026-28195 affects JetBrains TeamCity prior to 2025.11.3, where missing authorization allowed project developers to add parameters to build configurations. The vulnerability arises from insufficient access controls on build configuration parameters, enabling modification by users with project...

CVSS 4.3 | AI score 5.3 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/25 10:51 a.m. | 20 views

CVE-2026-26104

CVE-2026-26104 affects the udisks storage management daemon. A privileged D-Bus method that exports encryption metadata does not perform a policy check, allowing unprivileged users to back up LUKS header data and potentially read or write sensitive cryptographic metadata to attacker-controlled lo...

CVSS 5.5 | AI score 5.4 | EPSS 0.00075
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/02/25 10:51 a.m. | 20 views

CVE-2026-26104 Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVSS 5.5 | EPSS 0.00075
Exploits: 0 | References: 5

Cvelist
added 2026/02/25 9:26 a.m. | 21 views

CVE-2025-14742 WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | EPSS 0.00222
Exploits: 0 | References: 6

CVE
added 2026/02/25 9:26 a.m. | 11 views

CVE-2025-14742

CVE-2025-14742: The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to and including 10.2.3. This allows authenticated attackers with Subscriber-level acce...

CVSS 4.3 | AI score 5.4 | EPSS 0.00222
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/25 8:25 a.m. | 5 views

CVE-2026-1916 WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

CVSS 7.5 | AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 8

Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-21905

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

CVSS 4.3 | AI score 5.3 | EPSS 0.00158
Exploits: 0 | References: 1

Patchstack
added 2026/02/24 11:37 p.m. | 6 views

WordPress Post Duplicator plugin <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability

Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin Post Duplicator versions <= 3.0.8...

CVSS 4.3 | AI score 5.4 | EPSS 0.00211
Exploits: 0 | References: 1 | Affected Software: 1