222938 matches found
CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48921
Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...
CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-48923
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2026-44838
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
CVE-2026-44838
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
EUVD-2026-32548
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...
CVE-2026-49052 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49052
CVE-2026-49052 affects the WordPress ElementsKit Elementor addons Lite plugin up to version 3.9.6. The issue is described as a Missing Authorization/Broken Access Control vulnerability, caused by incorrectly configured access control security levels that potentially allow unauthorized actions wit...
CVE-2026-49052 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...
CVE-2026-49051 WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...
CVE-2026-49051
CVE-2026-49051 affects the WordPress plugin WP Meta and Date Remover up to version 2.3.6. The issue is a Missing Authorization vulnerability caused by broken access control that allows exploitation through incorrectly configured access levels. Documents indicate affected plugin versions and a med...
CVE-2026-49051 WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...
WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Meta and Date Remover versions = 2.3.6...
CVE-2026-49047 WordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerability
Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...
CVE-2026-49047 WordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerability
Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...
WordPress DearFlip plugin <= 2.4.29 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin DearFlip versions = 2.4.29...