CVE-2026-2849

The CVE affects yeqifu warehouse (up to commit aaf29962ba407d22d991781de28796ee7b4670e4). The vulnerable component is the Cache Sync Handler, specifically the CacheController.java functions deleteCache, removeAllCache, and syncCache. The root cause is improper access controls in these methods, en...

CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...

CVE-2025-68834

CVE-2025-68834 corresponds to a Missing Authorization vulnerability in the WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions through 1.1.3). Red Hat and CVE records describe it as broken access control that allows exploitation due to incorrectly configu...

CVE-2026-27056

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

PT-2026-21247

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerCacheController.java of the component Cache Sync Handler...

WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an access control vulnerability in Warehouse. This vulnerability stems from improper access control issues in the functions deleteCache, removeAllCache, and...

CVE-2025-67438

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVE-2025-67438

CVE-2025-67438 affects Sync-in Server prior to 1.9.3. A stored XSS flaw allows an authenticated attacker to upload a crafted SVG file containing a malicious payload, enabling execution of arbitrary JavaScript in a victim’s browser and potential exfiltration of sensitive data, including session co...

PT-2026-21020

Name of the Vulnerable Software and Affected Versions Sync-in Server versions prior to 1.9.3 Description A Stored Cross-Site Scripting XSS issue exists in Sync-in Server. An authenticated attacker can execute arbitrary JavaScript in a victim’s browser. This is achieved by uploading a crafted SVG...

PT-2026-21101

Name of the Vulnerable Software and Affected Versions Sync Master Sheet – Product Sync with Google Sheet for WooCommerce versions through 1.1.3 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for unauthorize...

CVE-2025-67438

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

CVE-2026-27056

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

CVE-2026-27056

The CVE-2026-27056 entry concerns the WordPress plugin StellarWP iThemes Sync (WordPress) with a Broken/Missing Authorization vulnerability in its access control. Affected software: iThemes Sync plugin versions up to and including 3.2.8. Root cause inferred from descriptions: misconfigured access...