A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.
The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities.
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020
SiteVision 4 has Incorrect Access Control.
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.
A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from n/a through <= 0.1.
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28.
Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.
Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0.
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7.