10 matches found
EUVD-2026-22231
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...
CVE-2026-33312
Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...
CVE-2025-14262
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...
CVE-2025-14262
KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...
CVE-2025-7065
The CVE-2025-7065 entry involves PAD CMS photo upload where a client-controlled permission-check parameter allows unauthenticated remote attackers to upload files of any type/extension, potentially leading to Remote Code Execution. Affected are all three templates: www, bip, and ww+bip. The under...
CVE-2025-58753
Copyparty vulnerability CVE-2025-58753 affects the Copyparty portable file server. The issue is a missing permission check in the shares feature (shr global option) that allowed access to other files in the same folder when a share was created for a single file, by guessing filenames. Subdirector...
CVE-2021-47285
CVE-2021-47285 has been rejected by the CNA and does not represent an active vulnerability entry.
WordPress Plugin Paid Memberships Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
GSD-2021-1000885 net/nfc/rawsock.c: fix a permission check bug
net/nfc/rawsock.c: fix a permission check bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...
UVI-2021-1000885 net/nfc/rawsock.c: fix a permission check bug
net/nfc/rawsock.c: fix a permission check bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...