CVE-2026-7615

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

CVE-2026-7615

The CVE-2026-7615 entry concerns the WordPress Widget Context plugin (versions ≤ 1.3.3). Vulnerability: Cross-Site Request Forgery due to missing or incorrect nonce validation in save_widget_context_settings, allowing unauthenticated attackers to modify widget visibility context settings stored i...

EUVD-2021-1994

Malware in sbrugna...

EUVD-2019-4043

Malware in sbrugna...

EUVD-2025-6845

Malicious code in bioql PyPI...

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

CVE-2021-24546

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...

CVE-2024-9612

In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end doe...

CVE-2024-9612

In danswer-ai/danswer v0.3.94, the vulnerability stems from the back-end not validating the visibility status of the search page. Administrators can hide the search page from the front-end, but regular users can still access its functionalities by directly calling the API, bypassing the visibilit...

CVE-2025-27399

Summary: Mastodon contains an access-control bug where, when domain blocks/reasons visibility is set to the English string “To logged-in users,” users not yet approved can view the block reasons. Affected versions: before 4.1.23, 4.2.16, and 4.3.4. Impact: instance admins who rely on private doma...

DRUPAL-CONTRIB-2024-004

Content within Open Social can have different visibilities. It is possible for a user to create public content even when this should not be allowed. This vulnerability is mitigated by the fact that the site must have public visibility disabled on a global level...

CVE-2019-12433

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues...

CVE-2019-12433

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues...

CVE-2019-12433

Removed by vendor...

CVE-2019-12433

CVE-2019-12433 affects GitLab Community and Enterprise Edition 11.7–11.11, caused by Improper Input Validation in restricted visibility settings that allow creating internal projects in private groups, leading to multiple permission issues. The issue is documented across multiple sources (Red Hat...

Atlassian JIRA ProfileLinkUserFormat Information Disclosure Vulnerability

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...