34 matches found
EUVD-2023-50391
Malicious code in bioql PyPI...
EUVD-2024-29138
Malicious code in bioql PyPI...
EUVD-2024-31311
Malicious code in bioql PyPI...
EUVD-2024-25178
Malicious code in bioql PyPI...
EUVD-2022-0713
Malicious code in bioql PyPI...
CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
PT-2025-34349 · Wpsoul · Greenshift
Name of the Vulnerable Software and Affected Versions: Greenshift versions through 12.1.1 Description: A missing authorization flaw exists in wpsoul Greenshift, allowing exploitation of incorrectly configured access control security levels. Recommendations: At the moment, there is no information...
PT-2025-29745 · Smtp2Go · Smtp2Go
Name of the Vulnerable Software and Affected Versions: SMTP2GO versions n/a through 1.12.1 Description: The SMTP2GO software contains a missing authorization flaw that allows exploiting incorrectly configured access control security levels. Recommendations: At the moment, there is no information...
PT-2025-28292 · Sap Se · Sap Netweaver/Abap Platform
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a missing authorization check, allowing an attacker authenticated as a non-administrative user to call a remote-enabled function module. This could enable access to...
PT-2025-28247 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - AbuseFilter Extension versions 1.39.0 through 1.39.12 Mediawiki - AbuseFilter Extension versions 1.42.0 through 1.42.6 Mediawiki - AbuseFilter Extension versions 1.43.0 through 1.43.1 Description: The issue is related to a Missing...
CVE-2025-53284 WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through = 1.1...
CVE-2025-49993
CVE-2025-49993 covers a Missing Authorization vulnerability in the WordPress Cookie-Script.com plugin (versions ≤ 1.2.1). Attack surface is the plugin’s access control configuration, described as “Broken/Incorrectly Configured Access Control,” enabling exploitation of insufficient authorization c...
PT-2025-26358 · Unknown · Contentstudio
Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and...
PT-2025-24545
Name of the Vulnerable Software and Affected Versions Lablup's BackendAI affected versions not specified Description The issue is related to missing authorization in Lablup's BackendAI, allowing attackers to take over all active sessions. This enables them to access, steal, or alter any data...
PT-2025-24521 · Unknown · Cryptocloud - Crypto Payment Gateway
Name of the Vulnerable Software and Affected Versions: CryptoCloud - Crypto Payment Gateway versions n/a through 2.1.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2025-24156 · Wordapp · Wordapp
Name of the Vulnerable Software and Affected Versions: Wordapp versions 1.7.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in Wordapp Team Wordapp, which allows exploiting incorrectly configured access control security levels. Recommendations: For version...
CVE-2025-47690 WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...
CVE-2024-24835
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4...
CVE-2024-33574
Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1...
CVE-2024-21748
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21...