21203 matches found
CVE-2026-8495
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...
CVE-2026-8495
The Date iCal Drupal module (Date iCal) is affected by a Missing Authorization vulnerability that allows forceful browsing. Affected versions are 0.0.0 through 4.0.14, with exploitation stemming from insufficient access checks and input sanitization in the iCal feed export functionality, which ex...
CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-45243
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...
Missing Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via image404Raw.php. An attacker can access arbitrary image files, including those protected by access controls, by supplying crafted path...
CVE-2026-47100
CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...
CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
CVE-2026-45442
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
WordPress TypeSquare Webfonts for ConoHa plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification vulnerability discovered by ? in WordPress Plugin TypeSquare Webfonts for ConoHa versions = 2.0.4...
CVE-2026-45442 WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
CVE-2026-45442
CVE-2026-45442 concerns WordPress plugin Presto Player (Brainstorm Force) versions
CVE-2026-45442 WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
CVE-2026-45442
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
EUVD-2026-30885
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
Missing Authorization
Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Missing Authorization in the export process. An attacker can gain access to the structure of forms they are no...
PT-2026-41876
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...
Missing Authorization
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the extension automation feature. An attacker can perform unauthorized browser automation actions by tricking a user into interacting with attacker-controll...
Missing Authorization
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the window.postMessage bridge in the content script. An attacker can access, modify, or delete automation artifacts by sending crafted runtime messages with...