10 matches found

Positive Technologies
added 2026/02/25 12:0 a.m., 4 views

PT-2026-21827

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue...

CVSS 7, AI score 5.4, EPSS 0.00264
Exploits 1, References 3
Cvelist
added 2025/12/18 9:11 a.m., 23 views

CVE-2025-64997 Insufficient permission validation when showing agent information

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allows low-privileged users to view agent information via the REST API, which could lead to information disclosure...

CVSS 6.3, EPSS 0.00209
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-24342

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00585
Exploits 0, References 2
CVE
added 2025/06/02 3:58 p.m., 52 views

CVE-2025-48941

CVE-2025-48941 (MyBB): Affected software: MyBB versions prior to 1.8.39. Issue: the internal search does not properly validate thread visibility, allowing a user with search access to infer the existence of hidden threads (draft, unapproved, or soft-deleted) by title. The visible flag (mybb_thre...

CVSS 5.3, AI score 5.3, EPSS 0.00284
Exploits 0, References 3, Affected Software 1
Cvelist
added 2025/05/15 8:9 p.m., 14 views

CVE-2024-4665 EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce...

EPSS 0.00257
Exploits 1, References 1
Positive Technologies
added 2025/05/15 12:0 a.m., 4 views

PT-2025-21476 · WordPress · Eventprime

Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.5.0
Description: The issue concerns a lack of proper permission validation when updating bookings, allowing users to change or cancel bookings for other users. Additionally, the feature lacks a...

CVSS 5.3, AI score 5.4, EPSS 0.00257
Exploits 1, References 5
OSV
added 2025/04/14 9:30 a.m., 3 views

GHSA-322V-VH2G-QVPV Mattermost Fails to Restrict Certain Operations on System Admins

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

CVSS 4.7, AI score 6.7, EPSS 0.00198
Exploits 0, References 5
Github Security Blog
added 2025/04/14 9:30 a.m., 12 views

Mattermost Fails to Restrict Certain Operations on System Admins

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

CVSS 4.9, AI score 6.8, EPSS 0.00198
Exploits 0, References 5, Affected Software 2
Snyk
added 2024/12/30 3:31 p.m., 2 views

Improper Authorization

Overview: nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Improper Authorization due to improper validation of user permissions in the items.queries.php component. An attacker can gain unauthorized access to folders by exploiting the lack of prop...

CVSS 5.4, AI score 7, EPSS 0.00322
Exploits 0, References 2
OSV
added 2019/11/07 11:36 p.m., 5 views

MGASA-2019-0314 Updated proftpd packages fix security vulnerabilities

Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, an FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815). It was discovered that due to incorrect handling of overly long commands, a...

CVSS 9.8, AI score 7.6, EPSS 0.57606
Exploits 1, References 2