CVE-2026-11877

CVE-2026-11877 describes a missing authorization issue in OpenText Access Manager prior to 5.1.3, where an unauthorized user can modify configuration via API calls. The affected product is OpenText Access Manager; the vulnerability stems from insufficient access control on API configuration endpo...

CVE-2026-9172

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...

CVE-2026-8614

The CVE concerns the WordPress Assistio plugin (versions ≤ 1.1.2). A missing capability check and missing nonce verification in assistio_plugin_delete_assistio_settings() allows authenticated users with Subscriber-level access and above to modify data, including deleting the critical assistiobot_...

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVE-2026-5139 GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

EUVD-2026-38225

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

EUVD-2026-36649

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-1291

CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...

CVE-2026-54359

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

PT-2026-48894

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

EUVD-2026-35462

Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0414

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-9210

CVE-2026-9210 involves an insufficient input validation vulnerability in NETGEAR routers where listed NETGEAR models allow authenticated administrators on the local network to make unauthorized modifications to router software and functionality. The underlying issue is improper input handling tha...

CVE-2026-9210 Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-9210 Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...