21318 matches found
WordPress Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Modification vulnerability discovered by cpforensic in WordPress Plugin Rate Star Review versions = 1.6.4...
WordPress Coinbase Commerce for Contact Form 7 plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification vulnerability
Missing Authorization to Authenticated Subscriber+ API Key Modification vulnerability discovered by Legion Hunter in WordPress Plugin Coinbase Commerce for Contact Form 7 versions = 1.1.2...
Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Authorization and Other Issues (CVE-2026-34766 + 13 more)
Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving 14 CVEs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34766 DESCRIPTION: Electron is a framework for writing cross-platform desktop applications using...
CVE-2026-43639
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2026-43639 Bitwarden Server < 2026.4.0 Missing Authorization via Provider Clients
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2026-43639 Bitwarden Server < 2026.4.0 Missing Authorization via Provider Clients
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2026-43639
Bitwarden Server prior to v2026.4.0 is affected by a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/{providerId}/clients/existing, resulting in takeover of the target organization. The issue is restric...
CVE-2026-43638 Bitwarden Server < 2026.4.1 Missing Authorization via Organization Cipher Import
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...
CVE-2026-43638
Bitwarden Server before 2026.4.1 contains a missing authorization vulnerability that lets any authenticated user write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, bypassing the server-side permission check. Affected produc...
CVE-2026-43638 Bitwarden Server < 2026.4.1 Missing Authorization via Organization Cipher Import
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid process. An attacker can modify messages authored by other users by sending a request to the message update endpoint with only read permissions in a standard...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...
EUVD-2026-29044
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0 contain a missing authorization vulnerability. A low-privilege attacker with remote access could exploit this to achieve elevation of privileges. The issue is tied to the platform’s access controls and is addressed by Dell’s security update/patch...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2026-39716
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
PT-2026-39586
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...