11 matches found
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-25808
Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to versions 0.6.20 and 0.7.2. The issue is resolved in those versions (0.6.20 and 0.7.2). The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Boston, MA, USA, 21st January 2026, CyberNewsWire...
WordPress plugin CodeablePress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-41830
An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization...
CVE-2024-31806
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization...
CVE-2023-39399
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization...
CVE-2023-21432
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner...
TOTOLINK EX1200T Access Control Error Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK. TOTOLINK EX1200T is vulnerable to information disclosure, which can be exploited by attackers to obtain sensitive information (wifikey, wifiname, etc.) without authorization...
Authorization
Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization...
WinRAR ACE File Name Logic Validation Bypass Vulnerability
WinRAR is an archive manager, the graphical-interface version of the RAR archive tool for the Windows environment. It can be used to back up data, compress files, decompress RAR/ZIP and other file formats, and create RAR/ZIP and other compressed file formats, and has been more widely...