5 matches found
CVE-2025-15565
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...
PT-2026-21688
Name of the Vulnerable Software and Affected Versions: REB500 (affected versions not specified). Description: An authenticated user with low-level privileges can access and modify the content of directories using the DAC protocol, despite lacking the necessary authorization. Recommendations: At the...
CVE-2022-46678
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized...
WeChat exposed two vulnerabilities: unauthorized login to others' accounts - vulnerability warning - the black bar safety net
Recently, the vulnerability announcements section of the black bar safety net published two vulnerabilities in Tencent WeChat. According to the author's description of the two vulnerabilities, a hacker may be able to access and log in directly to others' WeChat accounts without authorization...
Information disclosure in the REST API
Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...