21395 matches found

Vulnrichment
added 2026/02/02 9:4 a.m., 2 views

CVE-2026-1751 Missing Authorization in GitLab

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...

CVSS: 3.1, AI score: 5.3, EPSS: 0.00194
Exploits: 1, References: 2
Cvelist
added 2026/02/02 9:4 a.m., 25 views

CVE-2026-1751 Missing Authorization in GitLab

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...

CVSS: 3.1, EPSS: 0.00194
Exploits: 1, References: 2
OSV
added 2026/02/02 9:4 a.m., 3 views

CVE-2026-1751 Missing Authorization in GitLab

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...

CVSS: 3.1, AI score: 5.3, EPSS: 0.00194
Exploits: 1, References: 5
Patchstack
added 2026/02/02 8:31 a.m., 5 views

WordPress HelloAsso plugin <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update vulnerability

Missing Authorization to Authenticated Contributor+ Limited Options Update vulnerability discovered by Peter Thaleikis in WordPress Plugin HelloAsso versions <= 1.1.10...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00427
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/02 8:22 a.m., 6 views

WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin <= 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability

WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin <= 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin PostX versions <= 4.1.2...

CVSS: 8.8, AI score: 5.3, EPSS: 0.01426
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2026/02/02 6:42 a.m., 8 views

WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update vulnerability

Missing Authorization to Authenticated Subscriber+ Template Name Update vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Ultimate Coming Soon & Maintenance versions <= 1.0.9...

CVSS: 4.3, AI score: 7.3, EPSS: 0.00321
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/02/01 11:32 p.m., 4 views

CVE-2026-1734

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00474
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/02/01 11:32 p.m., 30 views

CVE-2026-1734 Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVSS: 6.9, EPSS: 0.00474
Exploits: 1, References: 5
CVE
added 2026/02/01 11:32 p.m., 18 views

CVE-2026-1734

CVE-2026-1734 affects Zhong Bang CRMEB up to 5.6.3, specifically the crontab Endpoint’s CrontabController.php. The root cause is missing authorization in the crontab endpoint, enabling remote exploitation. Public PoC/exploit information appears in the entry and related sources, indicating real-wo...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00474
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2026/02/01 11:32 p.m., 3 views

CVE-2026-1734 Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVSS: 6.9, AI score: 5.1, EPSS: 0.00474
Exploits: 1, References: 5
Positive Technologies
added 2026/02/01 12:0 a.m., 11 views

PT-2026-5586

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00474
Exploits: 1, References: 6
Cvelist
added 2026/01/31 4:35 a.m., 23 views

CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVSS: 5.3, EPSS: 0.00264
Exploits: 0, References: 2
Vulnrichment
added 2026/01/31 4:35 a.m., 3 views

CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00264
Exploits: 0, References: 2
CVE
added 2026/01/31 4:35 a.m., 17 views

CVE-2026-1431

CVE-2026-1431 – Booking Calendar (WordPress) Root cause: missing capability check in wpbc_ajax_WPBC_FLEXTIMELINE_NAV() allowed unauthenticated access to booking data. All versions up to and including 10.14.13 are affected, enabling retrieval of customer names, phones, and emails. Impact: unauthor...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00264
Exploits: 0, References: 2
Vulnrichment
added 2026/01/31 1:23 a.m., 4 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00285
Exploits: 0, References: 2
CVE
added 2026/01/31 1:23 a.m., 21 views

CVE-2025-15510

CVE-2025-15510 affects NEX-Forms – Ultimate Forms Plugin for WordPress. The underlying issue is a missing capability check in the NF5_Export_Forms class constructor, allowing unauthenticated users to export form configurations by enumerating nex_forms_Id in all versions up to and including 9.1.8....

CVSS: 5.3, AI score: 5.9, EPSS: 0.00285
Exploits: 0, References: 2
Patchstack
added 2026/01/30 9:58 p.m., 6 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Deadbee - NA in WordPress Plugin NEX-Forms versions <= 9.1.8...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00285
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/01/30 8:26 a.m., 6 views

WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Course Completion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions <= 3.9.2...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00202
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/01/30 7:29 a.m., 10 views

WordPress Amelia plugin <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability

Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability discovered by type5afe in WordPress Plugin Amelia versions <= 1.2.38...

CVSS: 5.3, AI score: 5.9, EPSS: 0.0028
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2026/01/29 9:24 a.m., 6 views

CVE-2026-1298

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00254
Exploits: 0, References: 1