Byte Open Security

(ByteOS Network)


CVE-2026-22765

Summary
Assigner: dell
Assigner Org ID: c550e75a-17ff-4988-97f0-544cde3820fe
Published At: 24 Feb, 2026 | 19:24
Updated At: 24 Feb, 2026 | 21:14

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: Dell Inc.; Dell
Product: Wyse Management Suite
Default Status: unaffected
Versions
Affected
  • From N/A before 5.5 (semver)
Problem Types
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Credits

finder: Dell would like to thank Alexander Zhurnakov (Positive Technologies) for reporting this issue.
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103
Resource: vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 24 Feb, 2026 | 20:27
Updated At: 24 Feb, 2026 | 21:52

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE ID: CWE-862
Type: Primary
Source: security_alert@emc.com
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103
Source: security_alert@emc.com
Resource: N/A

Similar CVEs

597 Records found

CVE-2023-4401
Matching Score: 8
Assigner: Dell
CVSS Score: 7.8 (HIGH)
EPSS: 0.43% / 61.75%
7 Day CHG: ~0.00%
Published: 05 Oct, 2023 | 17:12
Updated: 19 Sep, 2024 | 18:52
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Action: Not Available
Vendor: Dell Inc.
Product: smartfabric_storage_software; Dell SmartFabric Storage Software
CWE ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-34446
Matching Score: 8
Assigner: Dell
CVSS Score: 8.8 (HIGH)
EPSS: 0.26% / 48.83%
7 Day CHG: ~0.00%
Published: 10 Feb, 2023 | 20:44
Updated: 26 Mar, 2025 | 15:14
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

Action: Not Available
Vendor: Dell Inc.
Product: powerpath_management_appliance; PowerPath Management Appliance
CWE ID: CWE-285 - Improper Authorization

CVE-2022-26857
Matching Score: 8
Assigner: Dell
CVSS Score: 9 (CRITICAL)
EPSS: 0.25% / 47.96%
7 Day CHG: ~0.00%
Published: 26 May, 2022 | 15:20
Updated: 17 Sep, 2024 | 02:41
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

Action: Not Available
Vendor: Dell Inc.
Product: openmanage_enterprise; OpenManage Enterprise
CWE ID: CWE-285 - Improper Authorization

CVE-2024-52538
Matching Score: 8
Assigner: Dell
CVSS Score: 7.6 (HIGH)
EPSS: 0.13% / 32.16%
7 Day CHG: ~0.00%
Published: 10 Dec, 2024 | 10:16
Updated: 04 Aug, 2025 | 19:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action: Not Available
Vendor: Dell Inc.
Product: avamar_server; avamar_data_store; Avamar
CWE ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-48016
Matching Score: 8
Assigner: Dell
CVSS Score: 4.6 (MEDIUM)
EPSS: 0.11% / 29.29%
7 Day CHG: ~0.00%
Published: 18 Oct, 2024 | 16:34
Updated: 13 Dec, 2024 | 15:13
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.

Action: Not Available
Vendor: Dell Inc.
Product: secure_connect_gateway; Secure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-32465
Matching Score: 8
Assigner: Dell
CVSS Score: 8.8 (HIGH)
EPSS: 0.12% / 31.62%
7 Day CHG: ~0.00%
Published: 14 Jun, 2023 | 13:41
Updated: 30 Dec, 2024 | 15:41
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Power Protect Cyber Recovery contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Action: Not Available
Vendor: Dell Inc.
Product: powerprotect_cyber_recovery; PowerProtect Cyber Recovery
CWE ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

CVE-2025-26477
Matching Score: 8
Assigner: Dell
CVSS Score: 4.3 (MEDIUM)
EPSS: 0.58% / 68.37%
7 Day CHG: ~0.00%
Published: 17 Apr, 2025 | 11:45
Updated: 01 Aug, 2025 | 21:00
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Action: Not Available
Vendor: Dell Inc.
Product: elastic_cloud_storage; objectscale; ECS
CWE ID: CWE-20 - Improper Input Validation

CVE-2023-22575
Matching Score: 8
Assigner: Dell
CVSS Score: 8.7 (HIGH)
EPSS: 0.33% / 55.76%
7 Day CHG: ~0.00%
Published: 01 Feb, 2023 | 13:16
Updated: 26 Mar, 2025 | 18:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

Action: Not Available
Vendor: Dell Inc.
Product: emc_powerscale_onefs; PowerScale OneFS
CWE ID: CWE-532 - Insertion of Sensitive Information into Log File

CVE-2020-5368
Matching Score: 6
Assigner: Dell
CVSS Score: 9.8 (CRITICAL)
EPSS: 0.63% / 69.79%
7 Day CHG: ~0.00%
Published: 06 Jul, 2020 | 17:45
Updated: 16 Sep, 2024 | 22:52
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Action: Not Available
Vendor: Dell Inc.
Product: vxrail_d560f_firmware; vxrail_d560f; vxrail_d560; vxrail_d560_firmware; VxRail
CWE ID: CWE-862 - Missing Authorization

CVE-2024-53298
Matching Score: 6
Assigner: Dell
CVSS Score: 9.8 (CRITICAL)
EPSS: 0.26% / 49.16%
7 Day CHG: +0.02%
Published: 20 Jun, 2025 | 13:51
Updated: 11 Jul, 2025 | 12:36
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

Action: Not Available
Vendor: Dell Inc.
Product: powerscale_onefs; PowerScale OneFS
CWE ID: CWE-862 - Missing Authorization

CVE-2020-5345
Matching Score: 6
Assigner: Dell
CVSS Score: 6.4 (MEDIUM)
EPSS: 0.46% / 63.58%
7 Day CHG: ~0.00%
Published: 23 Jun, 2020 | 20:00
Updated: 17 Sep, 2024 | 01:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Action: Not Available
Vendor: Dell Inc.
Product: emc_unisphere_for_powermax; powermax_os; emc_unisphere_for_powermax_virtual_appliance; Unisphere for PowerMax
CWE ID: CWE-602 - Client-Side Enforcement of Server-Side Security
CWE ID: CWE-862 - Missing Authorization

CVE-2020-5362
Matching Score: 6
Assigner: Dell
CVSS Score: 7.1 (HIGH)
EPSS: 0.05% / 15.96%
7 Day CHG: ~0.00%
Published: 10 Jun, 2020 | 20:40
Updated: 17 Sep, 2024 | 02:41
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Action: Not Available
Vendor: Dell Inc.
Product: Dell Client Consumer and Commercial platforms
CWE ID: CWE-285 - Improper Authorization
CWE ID: CWE-862 - Missing Authorization

CVE-2024-49596
Matching Score: 6
Assigner: Dell
CVSS Score: 5.9 (MEDIUM)
EPSS: 0.11% / 28.81%
7 Day CHG: ~0.00%
Published: 26 Nov, 2024 | 02:56
Updated: 04 Feb, 2025 | 18:09
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion.

Action: Not Available
Vendor: Dell Inc.
Product: wyse_management_suite; Wyse Management Suite; Wyse Management Suite Repository; wyse_management_suite; dell_wyse_management_suite_repository
CWE ID: CWE-862 - Missing Authorization

CVE-2019-18581
Matching Score: 6
Assigner: Dell
CVSS Score: 9.1 (CRITICAL)
EPSS: 2.20% / 84.14%
7 Day CHG: ~0.00%
Published: 18 Mar, 2020 | 18:20
Updated: 16 Sep, 2024 | 23:01
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Action: Not Available
Vendor: Dell Inc.
Product: emc_idpa_dp8300; emc_integrated_data_protection_appliance_firmware; emc_data_protection_advisor; emc_idpa_dp5800; emc_idpa_dp4400; emc_idpa_dp8800; Data Protection Advisor
CWE ID: CWE-862 - Missing Authorization

CVE-2021-47701
Matching Score: 4
Assigner: VulnCheck
CVSS Score: 8.7 (HIGH)
EPSS: 0.12% / 31.09%
7 Day CHG: ~0.00%
Published: 09 Dec, 2025 | 20:35
Updated: 17 Dec, 2025 | 14:14
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

Action: Not Available
Vendor: openbmcs; OPEN BMCS
Product: openbmcs; OpenBMCS
CWE ID: CWE-862 - Missing Authorization

CVE-2026-26368
Matching Score: 4
Assigner: VulnCheck
CVSS Score: 8.7 (HIGH)
EPSS: 0.02% / 3.37%
7 Day CHG: -0.02%
Published: 15 Feb, 2026 | 15:29
Updated: 18 Feb, 2026 | 17:52
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient privileges. By sending a crafted JSON-RPC request to /jsonrpc/management, an attacker can overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation.

Action: Not Available
Vendor: JUNG
Product: eNet SMART HOME server
CWE ID: CWE-862 - Missing Authorization

CVE-2021-4337
Matching Score: 4
Assigner: Wordfence
CVSS Score: 8.8 (HIGH)
EPSS: 0.16% / 37.21%
7 Day CHG: ~0.00%
Published: 07 Jun, 2023 | 12:43
Updated: 23 Dec, 2024 | 16:20
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.

Action-Not Available
Vendor-xforwoocommerce; XforWooCommerce
Product-add_product_tabs; xforwoocommerce; improved_product_options; floating_cart; share\,_print_and_pdf_products; improved_sale_badges; live_product_editor; package_quantity; live_search; product_filter; autopilot_seo; comment_and_review_spam_control; bulk_add_to_cart; price_commander; product_loops; warranties_and_returns; Bulk Add to Cart for WooCommerce; Floating Cart for WooCommerce; XforWooCommerce; Package Quantity Discount; Share, Print and PDF Products for WooCommerce; Price Commander for WooCommerce; Product Filter for WooCommerce; Warranties and Returns for WooCommerce; Autopilot SEO for WooCommerce; Live Search for WooCommerce; Improved Sale Badges for WooCommerce; Improved Product Options for WooCommerce; Add Product Tabs for WooCommerce; Comment and Review Spam Control for WooCommerce; Live Product Editor for WooCommerce; Product Loops for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2021-4447
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.72%
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-10 Jan, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementor; Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders; essential_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-56266
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.59%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-22 Jan, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.

Action-Not Available
Vendor-sonaar; Sonaar Music
Product-mp3_audio_player_for_music\,_radio_\&_podcast; MP3 Audio Player for Music, Radio & Podcast by Sonaar
CWE ID-CWE-862
Missing Authorization
CVE-2024-56211
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.52%
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:03
Updated-31 Dec, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9.

Action-Not Available
Vendor-DeluxeThemes
Product-Userpro
CWE ID-CWE-862
Missing Authorization
CVE-2021-4368
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-5.21% / 89.73%
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-23 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities.

Action-Not Available
Vendor-najeebmedia; nmedia
Product-frontend_file_manager_plugin; Frontend File Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-56276
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 60.84%
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-12 Aug, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through 1.9.2.2.

Action-Not Available
Vendor-WPForms, LLC
Product-wpforms; Contact Form by WPForms
CWE ID-CWE-862
Missing Authorization
CVE-2021-44595
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-8.17% / 92.02%
7 Day CHG~0.00%
Published-29 Apr, 2022 | 11:23
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

Action-Not Available
Vendor-wondershare; n/a
Product-dr.fone; n/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-54378
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-1.97% / 83.25%
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation. This issue affects Quietly Insights: from n/a through 1.2.2.

Action-Not Available
Vendor-Quietly
Product-Quietly Insights
CWE ID-CWE-862
Missing Authorization
CVE-2021-44233
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.57%
7 Day CHG~0.00%
Published-14 Dec, 2021 | 15:44
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-access_control; SAP GRC Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2024-54268
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 68.15%
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-12 Mar, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0.

Action-Not Available
Vendor-siteorigin; SiteOrigin
Product-siteorigin_widgets_bundle; SiteOrigin Widgets Bundle
CWE ID-CWE-862
Missing Authorization
CVE-2024-54379
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-2.07% / 83.65%
7 Day CHG+0.18%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation. This issue affects Minterpress: from n/a through 1.0.5.

Action-Not Available
Vendor-Blokhaus
Product-Minterpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-55879
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-19.79% / 95.31%
7 Day CHG~0.00%
Published-12 Dec, 2024 | 19:17
Updated-30 Apr, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki allows RCE from script right in configurable sections

XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.

Action-Not Available
Vendor-XWiki SAS
Product-xwiki; xwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2021-4361
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.16%
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-23 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.

Action-Not Available
Vendor-eyecix; https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
Product-jobsearch_wp_job_board; JobSearch WP Job Board
CWE ID-CWE-862
Missing Authorization
CVE-2024-53816
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.11%
7 Day CHG~0.00%
Published-09 Dec, 2024 | 12:59
Updated-03 Feb, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5.

Action-Not Available
Vendor-Themeum
Product-tutor_lms_elementor_addons; Tutor LMS Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-53803
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.21%
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:07
Updated-10 Feb, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0.

Action-Not Available
Vendor-wpmailster; brandtoss
Product-wp_mailster; WP Mailster
CWE ID-CWE-862
Missing Authorization
CVE-2026-25538
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.73%
7 Day CHG-0.03%
Published-04 Feb, 2026 | 21:37
Updated-11 Feb, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26.

Action-Not Available
Vendor-devtron; devtron-labs
Product-devtron; devtron
CWE ID-CWE-862
Missing Authorization
CVE-2017-6369
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-8.85% / 92.38%
7 Day CHG~0.00%
Published-24 Mar, 2017 | 10:00
Updated-10 Oct, 2025 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.

Action-Not Available
Vendor-firebirdsql; n/a
Product-firebird; n/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-52554
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.54%
7 Day CHG~0.00%
Published-13 Nov, 2024 | 20:53
Updated-03 Oct, 2025 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.

Action-Not Available
Vendor-Jenkins
Product-shared_library_version_override; Jenkins Shared Library Version Override Plugin; shared_library_version_override
CWE ID-CWE-862
Missing Authorization
CVE-2020-5396
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-1.60% / 81.43%
7 Day CHG~0.00%
Published-31 Jul, 2020 | 19:40
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JMX Insecure Default Configuration in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-tanzu_gemfire_for_virtual_machines; gemfire; VMware Tanzu GemFire for VMs; VMware GemFire
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2020-6188
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 41.90%
7 Day CHG~0.00%
Published-12 Feb, 2020 | 19:46
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Action-Not Available
Vendor-SAP SE
Product-s\/4_hana; erp; SAP S/4 HANA (S4CORE); SAP ERP (SAP_APPL); SAP ERP (SAP_FIN)
CWE ID-CWE-862
Missing Authorization
CVE-2022-1384
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.33% / 55.11%
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:26
Updated-06 Dec, 2024 | 23:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorized users are allowed to install old plugin versions from the Marketplace

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_server; Mattermost
CWE ID-CWE-477
Use of Obsolete Function
CWE ID-CWE-862
Missing Authorization
CVE-2026-24368
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through < 2.8.0.

Action-Not Available
Vendor-Theme-one
Product-The Grid
CWE ID-CWE-862
Missing Authorization
CVE-2023-45760
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.42%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-29 May, 2025 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.3.

Action-Not Available
Vendor-gvectors; gVectors Team
Product-wpdiscuz; wpDiscuz
CWE ID-CWE-862
Missing Authorization
CVE-2026-24532
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.65%
7 Day CHG-0.03%
Published-23 Jan, 2026 | 14:28
Updated-17 Feb, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.

Action-Not Available
Vendor-SiteLock
Product-SiteLock Security – WP Hardening, Login Security & Malware Scans
CWE ID-CWE-862
Missing Authorization
CVE-2026-24380
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through <= 4.2.8.0.

Action-Not Available
Vendor-Metagauss Inc.
Product-EventPrime
CWE ID-CWE-862
Missing Authorization
CVE-2026-23974
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Golo: from n/a through < 1.7.5.

Action-Not Available
Vendor-uxper
Product-Golo
CWE ID-CWE-862
Missing Authorization
CVE-2026-24358
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

Action-Not Available
Vendor-ExpressTech Systems
Product-Quiz And Survey Master
CWE ID-CWE-862
Missing Authorization
CVE-2026-24356
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetGenie: from n/a through <= 4.3.0.

Action-Not Available
Vendor-Roxnor
Product-GetGenie
CWE ID-CWE-862
Missing Authorization
CVE-2020-36698
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.19%
7 Day CHG~0.00%
Published-20 Oct, 2023 | 06:35
Updated-12 Sep, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

Action-Not Available
Vendor-cleantalk; cleantalk; cleantalk
Product-security_\&_malware_scan; Security & Malware scan by CleanTalk; security_\&_malware_scan
CWE ID-CWE-862
Missing Authorization
CVE-2024-50455
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.79%
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:03
Updated-07 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopress; The SEO Guys at SEOPress
Product-seopress; SEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2020-36725
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.16%
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-23 Dec, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.

Action-Not Available
Vendor-templateinvaders; templateinvaders; TemplateInvaders
Product-ti_woocommerce_wishlist; TI WooCommerce Wishlist; TI WooCommerce Wishlist Pro
CWE ID-CWE-862
Missing Authorization
CVE-2026-22472
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form Builder: from n/a through <= 3.9.6.

Action-Not Available
Vendor-hassantafreshi
Product-Easy Form Builder
CWE ID-CWE-862
Missing Authorization
CVE-2026-22481
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.62%
7 Day CHG+0.01%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.

Action-Not Available
Vendor-Rasedul Haque Rumi
Product-BD Courier Order Ratio Checker
CWE ID-CWE-862
Missing Authorization
CVE-2020-3443
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.23%
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:16
Updated-13 Nov, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_on-prem; Cisco Smart Software Manager On-Prem
CWE ID-CWE-264
Not Available
CWE ID-CWE-862
Missing Authorization