PT-2026-45063

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspace id/members/user id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can remove any other member, including the workspace owner, using a single DELETE...

CVE-2026-9796

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

EUVD-2026-32598

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

CVE-2026-46425

Budibase contains a SCIM authorization flaw prior to version 3.38.2: the SCIM router (packages/worker/src/api/routes/global/scim.ts) attaches only requireSCIM and doInScimContext middlewares, with no role check. This allows any authenticated user (including BASIC role) who reaches the worker to p...

CVE-2026-46425

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

CVE-2025-13618

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoringprocessregistration function. This makes it possible for unauthenticated...

PT-2026-37185

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description Two endpoints used to preview an MCP server before saving it, "POST /mcp-rest/test/connection" and "POST /mcp-rest/test/tools/list", accepted a full server configuration in the request body...

EUVD-2026-10557

StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service...

Improper Handling of Insufficient Permissions or Privileges

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via improper enforcement of roles in the UMA 2.0...

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVE-2025-70866

CVE-2025-70866 — LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low privileges (User role) can directly access the admin backend via /admin/login because the admin and user authentication guards share the same user provider without role-based access cont...

BIT-MOODLE-2025-67856 Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

CVE-2026-24312

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...

GHSA-HCM6-Q6PC-XFHM Moodle has an authorization logic flaw

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...