
46 matches found

CVE
added 2026/06/09 7:35 a.m. | 24 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5 CVSS | 5.4 AI score | 0.00325 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/06/04 12:51 p.m. | 37 views

CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3 CVSS | 0.00176 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/05/26 12:0 a.m. | 7 views

FreeBSD : traefik -- Unauthorized exposure of the REST provider (4e221ca1-573a-11f1-9f6d-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4e221ca1-573a-11f1-9f6d-5404a68ad561 advisory. The traefik project releases a new version addressing a CVE: Tenable has extracted the preceding...

9.9 CVSS | 5.8 AI score | 0.00442 EPSS
Exploits 1 | References 3

Cvelist
added 2026/05/15 4:30 p.m. | 38 views

CVE-2026-44774 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4 CVSS | 0.00442 EPSS
Exploits 1 | References 4

FreeBSD
added 2026/05/15 12:0 a.m. | 15 views

traefik -- Unauthorized exposure of the REST provider

The traefik project releases a new version addressing a CVE: CVE-2026-44774 Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider...

9.9 CVSS | 5.8 AI score | 0.00442 EPSS
Exploits 1 | References 1

Patchstack
added 2026/05/12 5:11 p.m. | 18 views

WordPress ilGhera Support System for WooCommerce plugin <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions <= 1.3.0...

5.3 CVSS | 5.8 AI score | 0.00256 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/05/11 4:55 p.m. | 10 views

CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

2.3 CVSS | 5.8 AI score | 0.00247 EPSS
Exploits 0 | References 1

Cvelist
added 2026/04/24 12:35 p.m. | 25 views

CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

0.00352 EPSS
Exploits 0 | References 2

Patchstack
added 2026/04/23 7:17 p.m. | 2 views

WordPress Liaison Site Prober plugin <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Liaison Site Prober versions <= 1.2.1...

5.3 CVSS | 5.8 AI score | 0.00372 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2026/04/07 12:0 a.m. | 6 views

runZero Platform security vulnerability

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260206.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

3 CVSS | 5.8 AI score | 0.00174 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/07 12:0 a.m. | 6 views

runZero Platform security vulnerability

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260205.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

2.2 CVSS | 5.8 AI score | 0.00174 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/03/31 5:42 p.m. | 3 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/03/26 3:8 p.m. | 3 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/03/16 4:32 a.m. | 1 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/03/16 4:32 a.m. | 4 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1

CVE
added 2026/03/16 4:32 a.m. | 15 views

CVE-2026-20995

Affected product: Smart Switch. The connected documents describe a vulnerability where exposure of sensitive functionality to an unauthorized actor exists in Smart Switch prior to version 3.7.69.15, enabling remote attackers to set a specific configuration. Root cause: improper access control tha...

5.3 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 6 views

PT-2026-25600

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1

NVD
added 2026/03/04 9:15 a.m. | 6 views

CVE-2026-2747

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

7.5 CVSS | 0.0025 EPSS
Exploits 0 | References 1

Cvelist
added 2026/03/04 8:46 a.m. | 24 views

CVE-2026-2747 PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9 CVSS | 0.0025 EPSS
Exploits 0 | References 1

Patchstack
added 2026/02/17 11:31 p.m. | 5 views

WordPress Order Splitter for WooCommerce plugin <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Order Splitter for WooCommerce versions <= 5.3.5...

4.3 CVSS | 5.5 AI score | 0.00221 EPSS
Exploits 0 | References 1 | Affected Software 1