428 matches found
EUVD-2026-42241
MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...
CVE-2026-10835
The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...
CVE-2026-44413
In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...
CVE-2026-3473 Improper file ownership validation in the Boards API allows unauthorised file access
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
CVE-2026-44448 ERPNext: Unauthorised Document modification due to missing validation
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...
EUVD-2026-29176
In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...
CVE-2026-44413
In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...
Exploit for Incorrect Authorization in Pydio Cells
CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...
Dell PowerScale OneFS Unauthorised File Access Vulnerability (DSA-2025-208)
The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by a Unauthorised File Access Vulnerability: - Dell PowerScale OneFS, versions 9.5.0.0 = 9.5.1.2 / 9.7.0.0 = 9.7.1.7 / 9.8.0.0 = 9.10.0.1, contain a missing authorization vulnerability in the NF...
CVE-2018-1000640
OpenCart-Overclocked version =1.11.1 contains a Cross Site Scripting XSS vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be...
CVE-2019-18238
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...
CVE-2025-13498
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
PT-2025-52250
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...
EUVD-2024-27069
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
CVE-2025-41017
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
EUVD-2025-198649
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
CVE-2025-41017 Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
CVE-2025-41016 Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...
CVE-2025-41016 Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...