Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-26358

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-19 Feb, 2026 | 08:47
Updated At-19 Feb, 2026 | 08:47
Rejected At-
Credits

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:19 Feb, 2026 | 08:47
Updated At:19 Feb, 2026 | 08:47
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Affected Products
Vendor
Dell Inc.Dell
Product
Unisphere for PowerMax
Default Status
unaffected
Versions
Affected
  • From N/A before 10.3.0.1 or later (semver)
Vendor
Dell Inc.Dell
Product
PowerMax
Default Status
unaffected
Versions
Affected
  • From N/A before 10.3.0.1 or later (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities
Resource:
vendor-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:19 Feb, 2026 | 09:16
Updated At:19 Feb, 2026 | 15:52

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity_alert@emc.com
CWE ID: CWE-862
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilitiessecurity_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

596Records found
CVE-2025-36588
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 15:52
Updated-03 Feb, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermaxunisphere_for_powermax_virtual_applianceUnisphere for PowerMax Virtual ApplianceUnisphere for PowerMax
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-29987
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.94%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 15:18
Updated-22 Jan, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domaindata_domain_operating_systempowerprotect_dm5500_firmwarepowerprotect_dm5500DD OS 7.10DD OS 7.13PowerProtect DP Series Appliance (IDPA)DD OS 8.3
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2025-26477
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 68.30%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 11:45
Updated-01 Aug, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-52535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.43% / 62.05%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 14:41
Updated-29 Jan, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCs
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49559
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.22%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:29
Updated-30 Apr, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-1393
Use of Default Password
CVE-2024-48016
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.26%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 16:34
Updated-13 Dec, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-45766
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.51% / 65.78%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 01:59
Updated-02 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterpriseopenmanage_enterprise
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-18581
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-2.20% / 84.09%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 18:20
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idpa_dp8300emc_integrated_data_protection_appliance_firmwareemc_data_protection_advisoremc_idpa_dp5800emc_idpa_dp4400emc_idpa_dp8800Data Protection Advisor
CWE ID-CWE-862
Missing Authorization
CVE-2020-5345
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.46% / 63.50%
||
7 Day CHG~0.00%
Published-23 Jun, 2020 | 20:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_applianceUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-862
Missing Authorization
CVE-2020-5362
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_13_2-in-1_7359inspiron_15_7570_firmwarevostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7790_aioinspiron_7591_2_in_1optiplex_5480_aiovostro_3669precision_7820_firmwarevostro_3558_firmwareinspiron_5590_firmwarelatitude_e5550g7_17_7790_firmwareinspiron_14_gaming_7466_firmwareoptiplex_3280_aio_firmwarelatitude_5179inspiron_17_2-in-1_7779latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwareinsprion_5491_aiolatitude_e5270wyse_7040_thin_clientinspiron_15_2-in-1_5578latitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareinspiron_7501precision_5550inspiron_7580_firmwareprecision_7920inspiron_3583precision_7720vostro_5581_firmwarexps_12_9250_firmwarelatitude_3380_firmwareoptiplex_7760_aioprecision_5530_firmwareinsprion_5491_aio_firmwareoptiplex_5040vostro_15_7580inspiron_14_5468inspiron_13_7370_firmwareprecision_tower_3431_small_form_factor_firmwareinspiron_7391_2_in_1_firmwareinspiron_15_3559_firmwareoptiplex_5050latitude_3460_firmwareg5_15_5500_firmwareinspiron_15_2-in-1_7568_firmwareinspiron_15_gaming_7577latitude_3470optiplex_3050_aioinspiron_5400_2_in1precision_3620_towerxps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwareinspiron_5490_aio_firmwarelatitude_3590_firmwareinspiron_5557latitude_7490_firmwarelatitude_7250_firmwareinspiron_14_7460_firmwareinspiron_15_2-in-1_7569precision_5520xps_7390_2-in-1_firmwareinspiron_7490_firmwareoptiplex_7480_aioprecision_5720_aiolatitude_5591xps_15_9570inspiron_14_3459inspiron_3471optiplex_5050_firmwareprecision_7520_firmwarelatitude_5175_firmwarelatitude_5250inspiron_13_7370inspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070optiplex_7460_aio_firmwarevostro_3458_firmwareoptiplex_7071_towerprecision_3430optiplex_3280_aioinspiron_14_7460latitude_7285_firmwarexps_13_9370_firmwarelatitude_3560vostro_3581_firmwarelatitude_7275vostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwarelatitude_5310inspiron_15_5567vostro_5391optiplex_aio_7470_firmwarelatitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarevostro_3660latitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarelatitude_3350_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370inspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488inspiron_13_2-in-1_7359_firmwarelatitude_7380vostro_14_5468xps_15_9560inspiron_3580_firmwareinspiron_14_gaming_7466inspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_13_2-in-1_7373vostro_3670_firmwareinspiron_15_2-in-1_5568inspiron_15_gaming_7577_firmwareinspiron_13_2-in-1_7378latitude_7214_rugged_extremelatitude_7275_firmwarexps_7380_firmwarelatitude_3310precision_7520latitude_5290_2-in-1vostro_15_3578_firmwarevostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_towerlatitude_7290optiplex_3240_aiolatitude_7212_rugged_extreme_tablet_firmwareinspiron_17_2-in-1_7773_firmwarelatitude_7480latitude_7210_2_in_1_firmwarevostro_3881inspiron_7391_firmwarewyse_5470_firmwareinspiron_5593latitude_5550inspiron_7580vostro_5390_firmwareinspiron_3668inspiron_5770latitude_3580latitude_7250precision_5820_tower_firmwareinspiron_3668_firmwareinspiron_5559_firmwareinspiron_3493_firmwareinspiron_7590_2_in_1_firmwarevostro_3558vostro_5300latitude_3190_2-in-1_firmwarelatitude_5285inspiron_5480_firmwareinspiron_3590chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268latitude_7350_firmwareinspiron_15-3552optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwarevostro_3481_firmwarelatitude_5491optiplex_7040inspiron_7386inspiron_5591_2-in-1_firmwareinspiron_11_2-in-1_3158_firmwarelatitude_7280g3_15_3500inspiron_7591_2_in_1_firmwarevostro_3459latitude_5410precision_3541optiplex_7050_firmwareinspiron_7300_2_in_1_firmwareprecision_7730_firmwarelatitude_3379_firmwareprecision_3551inspiron_17_5767precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7350optiplex_7780_aio_firmwarelatitude_7414_rugged_firmwareg7_17_7790optiplex_aio_7770_firmwareoptiplex_5260_aio_firmwarelatitude_7285g7_15_7590inspiron_13_2-in-1_5379_firmwareinspiron_7391vostro_3671_firmwareinspiron_15_2-in-1_5578_firmwareprecision_3440precision_7510_firmwareinspiron_7300_2_in_1optiplex_5250_firmwarelatitude_e5450inspiron_7390_2_in_1_firmwareinspiron_3576inspiron_3671_firmwareinspiron_14_gaming_7467_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwarevostro_7500inspiron_7590_firmwareinspiron_5491_2_in_1latitude_3460_mobile_thin_clientinspiron_15_3567latitude_7389vostro_3681vostro_3591latitude_3560_firmwareinspiron_5570_firmwareprecision_7920_towervostro_3559_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593inspiron_5370latitude_5250_firmwareoptiplex_7460_aioinspiron_5491_2_in_1_firmwareinspiron_3481_firmwareprecision_5530inspiron_15_gaming_7567inspiron_14_3458_firmwarelatitude_7310_firmwareoptiplex_7440_aiooptiplex_7071_tower_firmwareinspiron_3790_firmwareinspiron_3584_firmwarelatitude_9510latitude_5280_mobile_thin_client_firmwarevostro_3591_firmwareinspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwareprecision_tower_3431_small_form_factorlatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarexps_8900_firmwarexps_15_9570_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareoptiplex_3240_aio_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwarelatitude_e7450_firmwareprecision_3930_rackprecision_5530_2-in_1vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_e5550_firmwareg7_15_7590_firmwarexps_13_2-in-1_9365_firmwarelatitude_3480inspiron_15_2-in-1_5579inspiron_5459xps_13_9300_firmwarelatitude_e7450inspiron_14_3468_firmwarelatitude_5280_mobile_thin_clientvostro_3671inspiron_7591inspiron_13_2-in-1_7368_firmwarelatitude_7310inspiron_7500_2_in_1optiplex_5270_aioinspiron_7500latitude_3379vostro_3584_firmwareinspiron_15_2-in-1_7579_firmwareinspiron_5457_firmwarechengming_3990_firmwarelatitude_3390_2-in-1_firmwarelatitude_7414_ruggedvostro_15_5568inspiron_15_5567_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareinspiron_14_5490_firmwareprecision_5530_2-in_1_firmwarevostro_3458optiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeg5_5090_firmwarelatitude_7390vostro_3491_firmwareg3_15_3590vostro_3480_firmwareprecision_7510inspiron_5490_aioxps_27_aio_7760_firmwarechengming_3991_firmwarevostro_7590_firmwarelatitude_e5250_firmwareprecision_3510_firmwarewyse_5070_thin_client_firmwareinspiron_11_2-in-1_3158inspiron_5759latitude_7389_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_13_2-in-1_7373_firmwareoptiplex_5040_firmwareinspiron_3581inspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_7590_2_in_1inspiron_5583inspiron_7500_firmwareinspiron_15_3559inspiron_5591_2-in-1precision_3541_firmwarelatitude_3480_mobile_thin_client_firmwareprecision_7920_firmwareinspiron_15_7572xps_27_aio_7760inspiron_3476_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwareoptiplex_7040_firmwareinspiron_5493inspiron_17_2-in-1_7779_firmwareprecision_3550latitude_7370latitude_7370_firmwarexps_7380optiplex_5070_firmwareinspiron_7790_aio_firmwarelatitude_3390_2-in-1latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490inspiron_17_2-in-1_7773inspiron_13_2-in-1_7378_firmwareinspiron_7390_2_in_1vostro_3070_firmwareprecision_5720_aio_firmwarexps_13_2-in-1_9365latitude_3190_2-in-1vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_5310_2_in_1_firmwareinspiron_17_5767_firmwarelatitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwareinspiron_15_gaming_7566inspiron_13_2-in-1_5378latitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarelatitude_3510inspiron_15_3568_firmwareinspiron_5584precision_3520latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_14_3459_firmwareinspiron_15_7570latitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390latitude_e7250_firmwareinspiron_11_2-in-1_3153vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566inspiron_15_gaming_7567_firmwarelatitude_3190_firmwareinspiron_5494optiplex_5260_aioinspiron_15_2-in-1_5579_firmwarelatitude_e7270_mobile_thin_clientg3_3779_firmwarexps_13_9300vostro_15_3578latitude_3500_firmwareoptiplex_aio_7770inspiron_13_2-in-1_5379latitude_5285_firmwarelatitude_7210_2_in_1chengming_3991latitude_5288_firmwareinspiron_5559inspiron_7501_firmwareinspiron_5480inspiron_15_2-in-1_7569_firmwareoptiplex_7760_aio_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareprecision_7710_firmwarelatitude_3590inspiron_5400_2_in1_firmwareinspiron_7472_firmwarechengming_3990optiplex_7780_aiovostro_3583latitude_5491_firmwarevostro_5880_firmwareinspiron_3493inspiron_15_7560xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_15_2-in-1_7573_firmwareinspiron_3584inspiron_5482_firmwarelatitude_3410_firmwarevostro_5481wyse_5470_all-in-oneprecision_3530_firmwareinspiron_5583_firmwareinspiron_15_2-in-1_7579latitude_5580_firmwarelatitude_3189vostro_3580inspiron_7472latitude_5175inspiron_14_3467_firmwarevostro_3491inspiron_13_2-in-1_5368vostro_15_3568embedded_box_pc_5000optiplex_7480_aio_firmwareinspiron_15_2-in-1_5568_firmwarexps_7390_2-in-1xps_8900inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwarelatitude_3460_mobile_thin_client_firmwareoptiplex_7080vostro_7500_firmwarelatitude_5480vostro_5471_firmwareinspiron_17_2-in-1_7778_firmwarevostro_3559optiplex_3046g3_15_3500_firmwarelatitude_e7270_mobile_thin_client_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwareinspiron_14_5490inspiron_17_2-in-1_7778inspiron_13_2-in-1_5368_firmwarelatitude_5510vostro_5300_firmwarewyse_5470inspiron_3593_firmwareinspiron_5459_firmwarevostro_3459_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareinspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_5310_2_in_1vostro_15_3568_firmwarelatitude_7410inspiron_3590_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450optiplex_3050_aio_firmwarexps_15_2-in-1_9575_firmwareinspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarevostro_3590_firmwareinspiron_5498optiplex_7440_aio_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarexps_15_7500latitude_5290inspiron_5300latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590latitude_3350vostro_5481_firmwarevostro_5490vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671optiplex_aio_7470inspiron_15_2-in-1_7573inspiron_5582inspiron_5498_firmwareinspiron_13_2-in-1_7368precision_5540vostro_5490_firmwareinspiron_14_3473inspiron_14_3458inspiron_3480optiplex_5270_aio_firmwareinspiron_13_2-in-1_7353latitude_3490latitude_e5450_firmwareprecision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwarelatitude_3300_firmwarevostro_5471precision_3640_towerxps_15_7500_firmwareinspiron_11_2-in-1_3153_firmwareinspiron_5759_firmwareinspiron_7391_2_in_1vostro_5581inspiron_3490latitude_5510_firmwareinspiron_3670_firmwarelatitude_3480_mobile_thin_clientlatitude_7212_rugged_extreme_tabletvostro_15_7570latitude_e5570_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_15_gaming_7566_firmwarelatitude_5289inspiron_5582_firmwarelatitude_3460precision_7820vostro_3471_firmwarelatitude_3410precision_5510_firmwareprecision_3420_towerg5_15_5590wyse_5070_thin_clientinspiron_3881xps_13_9380inspiron_14_gaming_7467precision_3420_tower_firmwareoptiplex_5480_aio_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793inspiron_5481_firmwareprecision_5520_firmwarexps_12_9250chengming_3988inspiron_13_2-in-1_7353_firmwarelatitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareprecision_5540_firmwarevostro_5590inspiron_3268_firmwarexps_15_2-in-1_9575inspiron_13_2-in-1_5378_firmwarevostro_3480inspiron_7500_2_in_1_firmwareg5_15_5500latitude_5450inspiron_15_3568inspiron_5593_firmwareprecision_3630_towerg5_5587latitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070optiplex_3040inspiron_15_2-in-1_7568latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarechengming_3977_firmwareinspiron_15_7560_firmwareinspiron_5391_firmwarelatitude_e5250embedded_box_pc_5000_firmwareoptiplex_7050inspiron_14_3468inspiron_3490_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwarelatitude_7490inspiron_5390latitude_5288optiplex_7060_firmwareg3_3779inspiron_15-3552_firmwareinspiron_14_3473_firmwareoptiplex_5250vostro_3667_firmwarelatitude_e7250precision_7920_tower_firmwarevostro_15_7570_firmwareDell Client Consumer and Commercial platforms
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2020-5368
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.72%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_d560f_firmwarevxrail_d560fvxrail_d560vxrail_d560_firmwareVxRail
CWE ID-CWE-862
Missing Authorization
CVE-2024-53298
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.54%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 13:51
Updated-11 Jul, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-862
Missing Authorization
CVE-2024-49596
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 02:56
Updated-04 Feb, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management SuiteWyse Management Suite Repositorywyse_management_suitedell_wyse_management_suite_repository
CWE ID-CWE-862
Missing Authorization
CVE-2025-12845
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-19 Feb, 2026 | 03:25
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve plugin table data that can expose email log information. Attackers can leverage this on sites where the table log is enabled in order to trigger a password reset and obtain the reset key.

Action-Not Available
Vendor-essekia
Product-Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
CWE ID-CWE-862
Missing Authorization
CVE-2025-13603
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-19 Feb, 2026 | 04:36
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.

Action-Not Available
Vendor-husainali52
Product-WP AUDIO GALLERY
CWE ID-CWE-862
Missing Authorization
CVE-2026-0974
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-19 Feb, 2026 | 04:36
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins, which can lead to Remote Code Execution.

Action-Not Available
Vendor-orderable
Product-Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2019-25351
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Feb, 2026 | 21:54
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.

Action-Not Available
Vendor-Centova Technologies Inc.
Product-Centova Cast
CWE ID-CWE-862
Missing Authorization
CVE-2024-39635
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 May, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Youzify plugin <= 1.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.

Action-Not Available
Vendor-kainelabsKaineLabs
Product-youzifyYouzify
CWE ID-CWE-862
Missing Authorization
CVE-2024-38707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.19%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-24 Mar, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-41945
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.54%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

Action-Not Available
Vendor-Jenkins
Product-assembla_authJenkins Assembla Auth Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2026-24358
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.36%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

Action-Not Available
Vendor-ExpressTech Systems
Product-Quiz And Survey Master
CWE ID-CWE-862
Missing Authorization
CVE-2024-37453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-10 Feb, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid
CWE ID-CWE-862
Missing Authorization
CVE-2026-23974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.36%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Action-Not Available
Vendor-uxper
Product-Golo
CWE ID-CWE-862
Missing Authorization
CVE-2026-24534
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.36%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:28
Updated-26 Jan, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.

Action-Not Available
Vendor-uPress
Product-Booter
CWE ID-CWE-862
Missing Authorization
CVE-2024-37901
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-9.74% / 92.77%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 15:19
Updated-06 Sep, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platformxwiki
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-37232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.80%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.

Action-Not Available
Vendor-Hercules Designtoddnestor
Product-Hercules Corehercules_core
CWE ID-CWE-862
Missing Authorization
CVE-2023-41870
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.09%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-11 Feb, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.

Action-Not Available
Vendor-Themeum
Product-wp_crowdfundingWP Crowdfunding
CWE ID-CWE-862
Missing Authorization
CVE-2024-35723
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:50
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.

Action-Not Available
Vendor-arwebdesignAndrew Rapps
Product-dashboard_to-do_listDashboard To-Do List
CWE ID-CWE-862
Missing Authorization
CVE-2024-35674
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 16:19
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elementsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-862
Missing Authorization
CVE-2024-35720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:59
Updated-25 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-A WP Life
Product-album_galleryAlbum Gallery – WordPress Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2023-39544
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 05:28
Updated-29 Aug, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_x_singleserversafeexpresscluster_xCLUSTERPRO X(EXPRESSCLUSTER X)CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)
CWE ID-CWE-862
Missing Authorization
CVE-2024-35717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:00
Updated-25 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9.

Action-Not Available
Vendor-A WP Life
Product-media_sliderMedia Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow
CWE ID-CWE-862
Missing Authorization
CVE-2024-35724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:49
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.

Action-Not Available
Vendor-bosathemesBosa Themes
Product-bosa_elementor_addons_and_templates_for_woocommerceBosa Elementor Addons and Templates for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-35721
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:57
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.

Action-Not Available
Vendor-A WP Life
Product-image_galleryImage Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-35716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:19
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9.

Action-Not Available
Vendor-copymaticCopymaticcopymatic
Product-copymaticCopymatic – AI Content Writer & Generatorcopymatic
CWE ID-CWE-862
Missing Authorization
CVE-2024-35725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 65.13%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:48
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.

Action-Not Available
Vendor-la-studiowebLA-Studio
Product-element_kit_for_elementorLA-Studio Element Kit for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-33564
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.96%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:02
Updated-01 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

Action-Not Available
Vendor-8theme8theme8theme
Product-xstoreXStorexstore
CWE ID-CWE-862
Missing Authorization
CVE-2023-39922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:17
Updated-05 Feb, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

Action-Not Available
Vendor-Avada (ThemeFusion)
Product-avadaAvada
CWE ID-CWE-862
Missing Authorization
CVE-2024-33547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.43% / 61.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:08
Updated-01 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.

Action-Not Available
Vendor-aa-teamAA-Team
Product-wzoneWZone
CWE ID-CWE-862
Missing Authorization
CVE-2024-33595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 65.06%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 09:16
Updated-03 Feb, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Theme
Product-master_addonsMaster Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-34435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:57
Updated-26 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.

Action-Not Available
Vendor-coderevolutionCodeRevolution
Product-aiomaticAiomatic
CWE ID-CWE-862
Missing Authorization
CVE-2024-33572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.52%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:00
Updated-26 Nov, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5.

Action-Not Available
Vendor-posimythPOSIMYTH
Product-nexter_blocksThe Plus Blocks for Block Editor | Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2024-33555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.33% / 55.58%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:07
Updated-01 Nov, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.

Action-Not Available
Vendor-8theme8theme
Product-xstore_coreXStore Core
CWE ID-CWE-862
Missing Authorization
CVE-2024-33912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 55.86%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 19:07
Updated-03 Feb, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability

Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.

Action-Not Available
Vendor-kodezenAcademy LMSkodezen
Product-academy_lmsAcademy LMSacademy_lms
CWE ID-CWE-862
Missing Authorization
CVE-2024-32081
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:37
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

Action-Not Available
Vendor-websupporter_filter_custom_fields_\&_taxonomies_light_projectWebsupporter
Product-websupporter_filter_custom_fields_\&_taxonomies_lightFilter Custom Fields & Taxonomies Light
CWE ID-CWE-862
Missing Authorization
CVE-2024-31987
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-33.68% / 96.83%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 20:32
Updated-21 Jan, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Platform remote code execution from account via custom skins support

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platformxwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-32818
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:37
Updated-26 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-32713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:08
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3.

Action-Not Available
Vendor-autowriterAutoWriter
Product-ai_post_generator_\|_autowriterAI Post Generator | AutoWriter
CWE ID-CWE-862
Missing Authorization
CVE-2024-32681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 10:41
Updated-04 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.

Action-Not Available
Vendor-BdThemeselementorBdThemes
Product-prime_sliderPrime Slider – Addons For Elementorelementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-32143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 67.33%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:03
Updated-19 Mar, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.

Action-Not Available
Vendor-podlovePodlovepodlove
Product-podlove_podcast_publisherPodlove Podcast Publisherpodlove_podcast_publisher
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found