CVE-2026-6510

The CVE-2026-6510 entry describes a privilege-escalation flaw in the InfusedWoo Pro WordPress plugin. Affected component: iwar_save_recipe() AJAX handler; root cause: missing nonce verification and capability checks. Impact: unauthenticated attackers can craft a URL to pair an HTTP post trigger w...

UBUNTU-CVE-2026-8144

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

CVE-2026-2900

GitLab EE patched a vulnerability where, if instance-level approval rule editing prevention was enabled, an authenticated Maintainer could modify or delete project approval rules due to missing authorization checks. Affected are GitLab EE versions: 16.10 before 18.9.7, 18.10 before 18.10.6, and 1...

CVE-2026-2900 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or dele...

CVE-2026-8144

GitLab CE/EE had an authorization check flaw that could allow an authenticated user with project membership to enumerate private group members. Affected versions: 15.1–18.9.6, 15.1–18.10.5, and 15.1–18.11.2. Remediation was applied in patch releases: 18.9.7, 18.10.6, and 18.11.3 respectively. Imp...

CVE-2026-8144 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

CVE-2026-8144 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion vulnerability

Missing Authorization to Authenticated Contributor+ Configuration Deletion vulnerability discovered by Ren Voza in WordPress Plugin FOX versions = 1.4.5...

PT-2026-40892

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar save recipe AJAX handler. This makes it possible for unauthenticated...

PT-2026-41144

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.0 Portainer Community Edition versions prior to 2.33.0 Description A missing authorization issue in the Custom Template file...

PT-2026-40917

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Missing authorization in the CREATE TYPE command allows a...

GitLab 16.10 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-2900)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-2900 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-40879

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with project membership can enumerate private group...

VulnCheck KEV: CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVE-2026-44448

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

CVE-2026-35438

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability

One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin = 7.8.5.10 - One Click SSL & Force HTTPS = 7.8.5.10 - Missing Authorization to Authenticated Subscriber+ SSL Setup Tampering vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin WP Encryption – One...

Missing Authorization

Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Missing Authorization in the GenericForeignKey process. An attacker can associate objects with unauthorized resources by supplying the UUIDs of objects they do not have...

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox and FortiSandbox PaaS versions. The vulnerability involves an absence of authorization checks, allowing unauthorized attackers to execute unauthorized code or commands through specially crafted HTTP requests. This issue arises due to...