CVE-2026-27328
CVE-2026-27328 affects the WordPress EduBlink theme (edublink) ≤ 2.0.7. The root cause is missing/incorrectly configured access control, described as a Missing Authorization vulnerability that enables access control bypass. The available sources consistently label this as a broken access control ...
CVE-2026-27327
The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization / Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...
CVE-2026-27328 WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7...
CVE-2026-27327
Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayMail – WooCommerce Email Customizer: from n/a through <= 4.3.2...
CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayMail: from n/a through <= 4.3.2...
CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the REST API. Kargo’s authorization model fails to enforce the non-standard promote "dolphin verb" across three specific endpoints. While this sensitive operation is correctly gated in the legacy gRPC API, the...
GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary: Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
CVE-2026-27092
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPAdverts: from n/a through <= 2.3.0...
CVE-2026-27066
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-27055
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0...
CVE-2026-27056
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through <= 3.2.8...
CVE-2026-27042
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NotificationX: from n/a through <= 3.2.1...
CVE-2026-25473
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WZone: from n/a through <= 14.0.31...
CVE-2026-26358
Dell Unisphere for PowerMax, versions 10.2, contains a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-25459
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sober: from n/a through <= 3.5.12...
CVE-2026-25416
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...
CVE-2026-25415
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPBookit Pro: from n/a through <= 1.6.18...
CVE-2026-25412
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...