Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. Together, these flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., COPY ... TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0.
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
SiteVision 4 has Incorrect Access Control.
Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6.
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.
A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the argument Picture leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0.
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute scripts with root privileges. Version 4.81.1 patches the issue.
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.
Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.
A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26.
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).
SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities.
Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.
The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account.
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.
An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6.
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite an administrator's user_pass, user_email, first_name, last_name, and other profile fields by supplying an arbitrary ?user_id= value, enabling full administrator account takeover via direct password replacement or email-redirect password reset. Exploitation requires the targeted Edit-User form to have its 'Roles' configuration setting left empty; when a non-empty roles list is configured, load_data() sets the user ID to 'none' for users whose roles fall outside the allowed list, preventing administrators from being targeted through that form.