21319 matches found
CVE-2026-44125 Missing Authorization in GINAv2
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...
CVE-2026-41498
CVE-2026-41498 (Kimai) describes a missing object-level authorization in the Team API prior to version 2.54.0. The API endpoints used #[IsGranted('edit_team')] instead of #[IsGranted('edit','team')], causing the Symfony TeamVoter to abstain and bypass entity-level ownership checks. As a result, a...
PT-2026-39271
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...
PT-2026-39257
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF mounts the 'nnef-oam' route group without requiring inbound OAuth2 or bearer-token authorization. A network attacker with access to the NEF on the Service Based...
Missing Authorization
Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the PUT /api/echo/like/:id endpoint. An attacker can manipulate engagement metrics by sending repeated unauthenticated requests to the like endpoint, resulting in arbitrary inflation of the favcount value...
EUVD-2026-28336
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
EUVD-2026-28330
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...
EUVD-2025-209714
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2026-27416
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
CVE-2025-66105
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2026-25436
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...
CVE-2026-27416 WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
CVE-2026-27416
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
CVE-2026-27416 WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
CVE-2025-66105 WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2025-66105
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2025-66105
CVE-2025-66105 concerns the WordPress plugin Bus Ticket Booking with Seat Reservation (versions before 5.6.8). The issue is a Broken Access Control/Missing Authorization vulnerability due to incorrectly configured access levels, enabling exploitation under network conditions with low complexity a...