Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32658

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-11 May, 2026 | 08:43
Updated At-11 May, 2026 | 15:50
Rejected At-
Credits

Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:11 May, 2026 | 08:43
Updated At:11 May, 2026 | 15:50
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected Products
Vendor
Dell Inc.Dell
Product
Automation Platform
Default Status
unaffected
Versions
Affected
  • From 0 before 2.0.0.0 or later (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000458049/dsa-2026-193-security-update-for-dell-automation-platform-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000458049/dsa-2026-193-security-update-for-dell-automation-platform-multiple-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:11 May, 2026 | 10:16
Updated At:13 May, 2026 | 18:00

Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>automation_platform>>Versions before 2.0.0.0(exclusive)
cpe:2.3:a:dell:automation_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity_alert@emc.com
CWE ID: CWE-862
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000458049/dsa-2026-193-security-update-for-dell-automation-platform-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000458049/dsa-2026-193-security-update-for-dell-automation-platform-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

605Records found
CVE-2022-45097
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 55.10%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:50
Updated-27 Mar, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-842
Placement of User into Incorrect Group
CVE-2024-22457
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.87% / 75.46%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 11:04
Updated-04 Dec, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRSsecure_connect_gateway
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-22461
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.87% / 83.31%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 13:25
Updated-04 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-44304
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-2.30% / 84.91%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:19
Updated-21 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34446
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.20%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:44
Updated-26 Mar, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-285
Improper Authorization
CVE-2022-34427
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-3.45% / 87.63%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34456
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-2.22% / 84.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 05:11
Updated-03 Apr, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_metro_nodeMetro node
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-34426
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.40% / 89.10%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34375
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.39% / 60.34%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34374
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.90% / 89.69%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33928
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 30.70%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:31
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-5353
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.54%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-17 Sep, 2024 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsIsilon OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5331
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.30%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-53298
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 72.18%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 13:51
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-862
Missing Authorization
CVE-2019-18581
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-2.20% / 84.61%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 18:20
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idpa_dp8300emc_integrated_data_protection_appliance_firmwareemc_data_protection_advisoremc_idpa_dp5800emc_idpa_dp4400emc_idpa_dp8800Data Protection Advisor
CWE ID-CWE-862
Missing Authorization
CVE-2018-1217
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-65.91% / 98.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2018 | 20:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamarAvamar, Integrated Data Protection Appliance
CWE ID-CWE-862
Missing Authorization
CVE-2024-49596
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 28.18%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 02:56
Updated-04 Feb, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management SuiteWyse Management Suite Repositorywyse_management_suitedell_wyse_management_suite_repository
CWE ID-CWE-862
Missing Authorization
CVE-2020-5345
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.46% / 64.20%
||
7 Day CHG~0.00%
Published-23 Jun, 2020 | 20:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_applianceUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-862
Missing Authorization
CVE-2020-5368
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 70.41%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_d560f_firmwarevxrail_d560fvxrail_d560vxrail_d560_firmwareVxRail
CWE ID-CWE-862
Missing Authorization
CVE-2020-5362
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_13_2-in-1_7359inspiron_15_7570_firmwarevostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7790_aioinspiron_7591_2_in_1optiplex_5480_aiovostro_3669precision_7820_firmwarevostro_3558_firmwareinspiron_5590_firmwarelatitude_e5550g7_17_7790_firmwareinspiron_14_gaming_7466_firmwareoptiplex_3280_aio_firmwarelatitude_5179inspiron_17_2-in-1_7779latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwareinsprion_5491_aiolatitude_e5270wyse_7040_thin_clientinspiron_15_2-in-1_5578latitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareinspiron_7501precision_5550inspiron_7580_firmwareprecision_7920inspiron_3583precision_7720vostro_5581_firmwarexps_12_9250_firmwarelatitude_3380_firmwareoptiplex_7760_aioprecision_5530_firmwareinsprion_5491_aio_firmwareoptiplex_5040vostro_15_7580inspiron_14_5468inspiron_13_7370_firmwareprecision_tower_3431_small_form_factor_firmwareinspiron_7391_2_in_1_firmwareinspiron_15_3559_firmwareoptiplex_5050latitude_3460_firmwareg5_15_5500_firmwareinspiron_15_2-in-1_7568_firmwareinspiron_15_gaming_7577latitude_3470optiplex_3050_aioinspiron_5400_2_in1precision_3620_towerxps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwareinspiron_5490_aio_firmwarelatitude_3590_firmwareinspiron_5557latitude_7490_firmwarelatitude_7250_firmwareinspiron_14_7460_firmwareinspiron_15_2-in-1_7569precision_5520xps_7390_2-in-1_firmwareinspiron_7490_firmwareoptiplex_7480_aioprecision_5720_aiolatitude_5591xps_15_9570inspiron_14_3459inspiron_3471optiplex_5050_firmwareprecision_7520_firmwarelatitude_5175_firmwarelatitude_5250inspiron_13_7370inspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070optiplex_7460_aio_firmwarevostro_3458_firmwareoptiplex_7071_towerprecision_3430optiplex_3280_aioinspiron_14_7460latitude_7285_firmwarexps_13_9370_firmwarelatitude_3560vostro_3581_firmwarelatitude_7275vostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwarelatitude_5310inspiron_15_5567vostro_5391optiplex_aio_7470_firmwarelatitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarevostro_3660latitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarelatitude_3350_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370inspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488inspiron_13_2-in-1_7359_firmwarelatitude_7380vostro_14_5468xps_15_9560inspiron_3580_firmwareinspiron_14_gaming_7466inspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_13_2-in-1_7373vostro_3670_firmwareinspiron_15_2-in-1_5568inspiron_15_gaming_7577_firmwareinspiron_13_2-in-1_7378latitude_7214_rugged_extremelatitude_7275_firmwarexps_7380_firmwarelatitude_3310precision_7520latitude_5290_2-in-1vostro_15_3578_firmwarevostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_towerlatitude_7290optiplex_3240_aiolatitude_7212_rugged_extreme_tablet_firmwareinspiron_17_2-in-1_7773_firmwarelatitude_7480latitude_7210_2_in_1_firmwarevostro_3881inspiron_7391_firmwarewyse_5470_firmwareinspiron_5593latitude_5550inspiron_7580vostro_5390_firmwareinspiron_3668inspiron_5770latitude_3580latitude_7250precision_5820_tower_firmwareinspiron_3668_firmwareinspiron_5559_firmwareinspiron_3493_firmwareinspiron_7590_2_in_1_firmwarevostro_3558vostro_5300latitude_3190_2-in-1_firmwarelatitude_5285inspiron_5480_firmwareinspiron_3590chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268latitude_7350_firmwareinspiron_15-3552optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwarevostro_3481_firmwarelatitude_5491optiplex_7040inspiron_7386inspiron_5591_2-in-1_firmwareinspiron_11_2-in-1_3158_firmwarelatitude_7280g3_15_3500inspiron_7591_2_in_1_firmwarevostro_3459latitude_5410precision_3541optiplex_7050_firmwareinspiron_7300_2_in_1_firmwareprecision_7730_firmwarelatitude_3379_firmwareprecision_3551inspiron_17_5767precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7350optiplex_7780_aio_firmwarelatitude_7414_rugged_firmwareg7_17_7790optiplex_aio_7770_firmwareoptiplex_5260_aio_firmwarelatitude_7285g7_15_7590inspiron_13_2-in-1_5379_firmwareinspiron_7391vostro_3671_firmwareinspiron_15_2-in-1_5578_firmwareprecision_3440precision_7510_firmwareinspiron_7300_2_in_1optiplex_5250_firmwarelatitude_e5450inspiron_7390_2_in_1_firmwareinspiron_3576inspiron_3671_firmwareinspiron_14_gaming_7467_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwarevostro_7500inspiron_7590_firmwareinspiron_5491_2_in_1latitude_3460_mobile_thin_clientinspiron_15_3567latitude_7389vostro_3681vostro_3591latitude_3560_firmwareinspiron_5570_firmwareprecision_7920_towervostro_3559_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593inspiron_5370latitude_5250_firmwareoptiplex_7460_aioinspiron_5491_2_in_1_firmwareinspiron_3481_firmwareprecision_5530inspiron_15_gaming_7567inspiron_14_3458_firmwarelatitude_7310_firmwareoptiplex_7440_aiooptiplex_7071_tower_firmwareinspiron_3790_firmwareinspiron_3584_firmwarelatitude_9510latitude_5280_mobile_thin_client_firmwarevostro_3591_firmwareinspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwareprecision_tower_3431_small_form_factorlatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarexps_8900_firmwarexps_15_9570_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareoptiplex_3240_aio_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwarelatitude_e7450_firmwareprecision_3930_rackprecision_5530_2-in_1vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_e5550_firmwareg7_15_7590_firmwarexps_13_2-in-1_9365_firmwarelatitude_3480inspiron_15_2-in-1_5579inspiron_5459xps_13_9300_firmwarelatitude_e7450inspiron_14_3468_firmwarelatitude_5280_mobile_thin_clientvostro_3671inspiron_7591inspiron_13_2-in-1_7368_firmwarelatitude_7310inspiron_7500_2_in_1optiplex_5270_aioinspiron_7500latitude_3379vostro_3584_firmwareinspiron_15_2-in-1_7579_firmwareinspiron_5457_firmwarechengming_3990_firmwarelatitude_3390_2-in-1_firmwarelatitude_7414_ruggedvostro_15_5568inspiron_15_5567_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareinspiron_14_5490_firmwareprecision_5530_2-in_1_firmwarevostro_3458optiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeg5_5090_firmwarelatitude_7390vostro_3491_firmwareg3_15_3590vostro_3480_firmwareprecision_7510inspiron_5490_aioxps_27_aio_7760_firmwarechengming_3991_firmwarevostro_7590_firmwarelatitude_e5250_firmwareprecision_3510_firmwarewyse_5070_thin_client_firmwareinspiron_11_2-in-1_3158inspiron_5759latitude_7389_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_13_2-in-1_7373_firmwareoptiplex_5040_firmwareinspiron_3581inspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_7590_2_in_1inspiron_5583inspiron_7500_firmwareinspiron_15_3559inspiron_5591_2-in-1precision_3541_firmwarelatitude_3480_mobile_thin_client_firmwareprecision_7920_firmwareinspiron_15_7572xps_27_aio_7760inspiron_3476_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwareoptiplex_7040_firmwareinspiron_5493inspiron_17_2-in-1_7779_firmwareprecision_3550latitude_7370latitude_7370_firmwarexps_7380optiplex_5070_firmwareinspiron_7790_aio_firmwarelatitude_3390_2-in-1latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490inspiron_17_2-in-1_7773inspiron_13_2-in-1_7378_firmwareinspiron_7390_2_in_1vostro_3070_firmwareprecision_5720_aio_firmwarexps_13_2-in-1_9365latitude_3190_2-in-1vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_5310_2_in_1_firmwareinspiron_17_5767_firmwarelatitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwareinspiron_15_gaming_7566inspiron_13_2-in-1_5378latitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarelatitude_3510inspiron_15_3568_firmwareinspiron_5584precision_3520latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_14_3459_firmwareinspiron_15_7570latitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390latitude_e7250_firmwareinspiron_11_2-in-1_3153vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566inspiron_15_gaming_7567_firmwarelatitude_3190_firmwareinspiron_5494optiplex_5260_aioinspiron_15_2-in-1_5579_firmwarelatitude_e7270_mobile_thin_clientg3_3779_firmwarexps_13_9300vostro_15_3578latitude_3500_firmwareoptiplex_aio_7770inspiron_13_2-in-1_5379latitude_5285_firmwarelatitude_7210_2_in_1chengming_3991latitude_5288_firmwareinspiron_5559inspiron_7501_firmwareinspiron_5480inspiron_15_2-in-1_7569_firmwareoptiplex_7760_aio_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareprecision_7710_firmwarelatitude_3590inspiron_5400_2_in1_firmwareinspiron_7472_firmwarechengming_3990optiplex_7780_aiovostro_3583latitude_5491_firmwarevostro_5880_firmwareinspiron_3493inspiron_15_7560xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_15_2-in-1_7573_firmwareinspiron_3584inspiron_5482_firmwarelatitude_3410_firmwarevostro_5481wyse_5470_all-in-oneprecision_3530_firmwareinspiron_5583_firmwareinspiron_15_2-in-1_7579latitude_5580_firmwarelatitude_3189vostro_3580inspiron_7472latitude_5175inspiron_14_3467_firmwarevostro_3491inspiron_13_2-in-1_5368vostro_15_3568embedded_box_pc_5000optiplex_7480_aio_firmwareinspiron_15_2-in-1_5568_firmwarexps_7390_2-in-1xps_8900inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwarelatitude_3460_mobile_thin_client_firmwareoptiplex_7080vostro_7500_firmwarelatitude_5480vostro_5471_firmwareinspiron_17_2-in-1_7778_firmwarevostro_3559optiplex_3046g3_15_3500_firmwarelatitude_e7270_mobile_thin_client_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwareinspiron_14_5490inspiron_17_2-in-1_7778inspiron_13_2-in-1_5368_firmwarelatitude_5510vostro_5300_firmwarewyse_5470inspiron_3593_firmwareinspiron_5459_firmwarevostro_3459_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareinspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_5310_2_in_1vostro_15_3568_firmwarelatitude_7410inspiron_3590_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450optiplex_3050_aio_firmwarexps_15_2-in-1_9575_firmwareinspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarevostro_3590_firmwareinspiron_5498optiplex_7440_aio_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarexps_15_7500latitude_5290inspiron_5300latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590latitude_3350vostro_5481_firmwarevostro_5490vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671optiplex_aio_7470inspiron_15_2-in-1_7573inspiron_5582inspiron_5498_firmwareinspiron_13_2-in-1_7368precision_5540vostro_5490_firmwareinspiron_14_3473inspiron_14_3458inspiron_3480optiplex_5270_aio_firmwareinspiron_13_2-in-1_7353latitude_3490latitude_e5450_firmwareprecision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwarelatitude_3300_firmwarevostro_5471precision_3640_towerxps_15_7500_firmwareinspiron_11_2-in-1_3153_firmwareinspiron_5759_firmwareinspiron_7391_2_in_1vostro_5581inspiron_3490latitude_5510_firmwareinspiron_3670_firmwarelatitude_3480_mobile_thin_clientlatitude_7212_rugged_extreme_tabletvostro_15_7570latitude_e5570_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_15_gaming_7566_firmwarelatitude_5289inspiron_5582_firmwarelatitude_3460precision_7820vostro_3471_firmwarelatitude_3410precision_5510_firmwareprecision_3420_towerg5_15_5590wyse_5070_thin_clientinspiron_3881xps_13_9380inspiron_14_gaming_7467precision_3420_tower_firmwareoptiplex_5480_aio_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793inspiron_5481_firmwareprecision_5520_firmwarexps_12_9250chengming_3988inspiron_13_2-in-1_7353_firmwarelatitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareprecision_5540_firmwarevostro_5590inspiron_3268_firmwarexps_15_2-in-1_9575inspiron_13_2-in-1_5378_firmwarevostro_3480inspiron_7500_2_in_1_firmwareg5_15_5500latitude_5450inspiron_15_3568inspiron_5593_firmwareprecision_3630_towerg5_5587latitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070optiplex_3040inspiron_15_2-in-1_7568latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarechengming_3977_firmwareinspiron_15_7560_firmwareinspiron_5391_firmwarelatitude_e5250embedded_box_pc_5000_firmwareoptiplex_7050inspiron_14_3468inspiron_3490_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwarelatitude_7490inspiron_5390latitude_5288optiplex_7060_firmwareg3_3779inspiron_15-3552_firmwareinspiron_14_3473_firmwareoptiplex_5250vostro_3667_firmwarelatitude_e7250precision_7920_tower_firmwarevostro_15_7570_firmwareDell Client Consumer and Commercial platforms
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2023-6700
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-29.16% / 96.64%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:21
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.

Action-Not Available
Vendor-cookieinformationcookieinformationcookieinformation
Product-wp-gdpr-complianceCookie Information | Free GDPR Consent Solutionfree_gdpr_consent_solution
CWE ID-CWE-862
Missing Authorization
CVE-2022-29611
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 61.14%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:57
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2025-30825
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.75%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 20:58
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability

Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5.

Action-Not Available
Vendor-WPClever
Product-WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-30772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.79%
||
7 Day CHG-0.14%
Published-27 Mar, 2025 | 10:54
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4.

Action-Not Available
Vendor-WPClever
Product-WPC Smart Upsell Funnel for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-5425
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.05%
||
7 Day CHG~0.00%
Published-28 Oct, 2023 | 11:06
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Meta Data Manager <=1.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.

Action-Not Available
Vendor-wpexpertpluginsgandhihitesh9
Product-post_meta_data_managerPost Meta Data Manager
CWE ID-CWE-862
Missing Authorization
CVE-2026-29789
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.07% / 21.13%
||
7 Day CHG+0.01%
Published-06 Mar, 2026 | 20:35
Updated-13 Mar, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.

Action-Not Available
Vendor-vitodeployvitodeploy
Product-vitovito
CWE ID-CWE-862
Missing Authorization
CVE-2015-10140
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-57.10% / 98.16%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 13:20
Updated-09 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Action-Not Available
Vendor-connekthqUnknown
Product-ajax_load_moreAjax Load More
CWE ID-CWE-862
Missing Authorization
CVE-2022-25206
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.65%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-dbchartsJenkins dbCharts Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2026-29180
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 18:27
Updated-31 Mar, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fleet's team maintainer can transfer hosts from any team via missing source team authorization

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute scripts with root privileges. Version 4.81.1 patches the issue.

Action-Not Available
Vendor-fleetdmfleetdm
Product-fleetfleet
CWE ID-CWE-862
Missing Authorization
CVE-2026-29073
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.07% / 20.75%
||
7 Day CHG+0.01%
Published-06 Mar, 2026 | 07:18
Updated-10 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0.

Action-Not Available
Vendor-b3logsiyuan-note
Product-siyuansiyuan
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 65.09%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/a
CWE ID-CWE-862
Missing Authorization
CVE-2026-28193
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-8.8||HIGH
EPSS-0.00% / 0.00%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 12:57
Updated-26 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-28515
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-44.25% / 97.60%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 22:11
Updated-11 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration.

Action-Not Available
Vendor-opendcimopenDCIM
Product-opendcimopenDCIM
CWE ID-CWE-862
Missing Authorization
CVE-2023-51515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.05%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 14:43
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.

Action-Not Available
Vendor-Undsgnundsgn
Product-Uncode Coreuncode
CWE ID-CWE-862
Missing Authorization
CVE-2026-26368
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.02% / 6.14%
||
7 Day CHG~0.00%
Published-15 Feb, 2026 | 15:29
Updated-28 Feb, 2026 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient privileges. By sending a crafted JSON-RPC request to /jsonrpc/management, an attacker can overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation.

Action-Not Available
Vendor-jung-groupJUNG
Product-enet_smart_homeeNet SMART HOME server
CWE ID-CWE-862
Missing Authorization
CVE-2023-51359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.64%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2025-3063
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.82%
||
7 Day CHG-0.11%
Published-02 Apr, 2025 | 09:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Action-Not Available
Vendor-shopperapprovedapp
Product-Shopper Approved Reviews
CWE ID-CWE-862
Missing Authorization
CVE-2023-51360
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.42%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2025-30974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.23%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Grid Master plugin <= 3.4.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.

Action-Not Available
Vendor-AddonMaster (Akhtarujjaman Shuvo)
Product-post_grid_masterPost Grid Master
CWE ID-CWE-862
Missing Authorization
CVE-2023-49856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.47% / 64.70%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-11 May, 2026 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through <= 2.6.84.

Action-Not Available
Vendor-rednaoEDGARROJAS
Product-smart_formsSmart Forms
CWE ID-CWE-862
Missing Authorization
CVE-2023-49756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-11 May, 2026 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability

Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.52.

Action-Not Available
Vendor-themewinterArraytics
Product-eventinEventin
CWE ID-CWE-862
Missing Authorization
CVE-2023-47788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.62%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 10:33
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.

Action-Not Available
Vendor-Automattic Inc.
Product-jetpackJetpackjetpack
CWE ID-CWE-862
Missing Authorization
CVE-2023-47874
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 24.62%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.

Action-Not Available
Vendor-perfmattersPerfmattersperfmatters
Product-perfmattersPerfmattersperfmatters
CWE ID-CWE-862
Missing Authorization
CVE-2023-47760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 63.40%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2023-47870
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.53%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 17:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2020-13270
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.13%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 14:35
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2022-28866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.07%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity).

Action-Not Available
Vendor-n/aNokia Corporation
Product-airframe_bmc_web_gui_r18_firmwaren/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-46212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 23:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.

Action-Not Available
Vendor-wpvnteamTienCOP
Product-wp_extraWP EXtra
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-44151
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 11:49
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.

Action-Not Available
Vendor-Brainstorm Force
Product-pre-publish_checklistPre-Publish Checklist
CWE ID-CWE-862
Missing Authorization
CVE-2025-2807
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.70% / 72.16%
||
7 Day CHG-0.06%
Published-08 Apr, 2025 | 09:21
Updated-08 Apr, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-motors_-_car_dealer\,_classifieds_\&_listingMotors – Car Dealership & Classified Listings Plugin
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found