185603 matches found
CVE-2026-57813
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through = 1.2.77.3...
CVE-2026-57768
Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...
CVE-2026-57410
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...
CVE-2026-57386
Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...
Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved
Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...
WordPress ProfilePress <= 3.1.3 - Privilege Escalation
ProfilePress plugin before 3.1.4 allows privilege escalation. Due to insufficient validation in the profile update functionality, authenticated users can supply arbitrary usermeta fields, including wpcapabilities, during profile updates. This enables a user to escalate their privileges to...
Kramer VIAware - Privilege Escalation and Remote Code Execution
Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...
Acmailer - Improper Access Control to OS Command Injection
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...
Control Web Panel (CWP) - File Inclusion
In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...
Keycloak - SAML Core Package Signature Validation Flaw
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation
User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through tdajaxupdatepanel, which led to a Privilege Escalation vulnerability. id: CVE-2016-10972 info: name: Newspaper Theme 6.4–6.7.1 - Privilege Escalation author: pussycat0x severity: critical description:...
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. id: CVE-2020-115...
Ruijie RG-NBS2009G-P - Improper Authentication
An issue in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release9736 allows a remote attacker to gain privileges via the system/configmenu.htm. id: CVE-2024-24116 info: name: Ruijie RG-NBS2009G-P - Improper Authentication author: friea severity: critical description: | An issue in Ruijie RG-NBS2009G-P RGO...
Joplin 3.3.3 Server - Privilege Escalation
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...
Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'preparemembersdata' function. This makes it possible for unauthenticated attackers to create newuser...