The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1.
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This issue has been patched in version 0.11.6.
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This vulnerability is fixed in 1.11.38.
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress, certificates, and gradebook scores for any course, without enrollment or supervisory relationship. This vulnerability is fixed in 2.0.0-RC.3.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient names and free-text message content, by crafting a GET request with arbitrary user IDs in the `sentTo[]` or `sentBy[]` parameters. Version 8.0.0.2 fixes the issue.
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and wallet balances to any authenticated user. The endpoint checks User::isLogged() but does not check User::isAdmin(), so any registered user can dump the full user database. At time of publication, there are no publicly available patches.
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access controls by directly accessing the endpoint without ownership or role-based validation to extract administrator credentials and perform privilege escalation.
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through <= 1.0.7.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API layer omits this check. Any authenticated user with only EditSelf privileges can enumerate and read other members' records, exposing sensitive PII including names, addresses, phone numbers, and email addresses. This issue has been fixed in version 7.2.0.
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
Missing Authorization vulnerability in Alex Volkov WAH Forms wah-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WAH Forms: from n/a through <= 1.0.
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.61.
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21.
Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from n/a through <= 0.1.
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3.
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: `/api/timeline` returns timeline entries for cameras outside the caller's allowed camera set, then `/api/events/{event_id}/snapshot-clean.webp` declares `Depends(require_camera_access)` but never actually validates `event.camera` after looking up the event. Together, this allows a restricted user to enumerate event IDs from unauthorized cameras and then fetch clean snapshots for those events. Version 0.17.1 fixes the issue.
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.2.
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview() function. This function lacks any capability check (current_user_can()) and nonce verification, allowing any authenticated user to execute arbitrary WordPress shortcodes. The function takes a user-supplied 'shortcode' parameter from $_GET, passes it through stripslashes(), and directly executes it via do_shortcode(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes, which could lead to information disclosure, privilege escalation, or other impacts depending on what shortcodes are registered on the site (e.g., shortcodes from other plugins that display sensitive data, perform actions, or include files).
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a troubleshoot file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to retrieve a troubleshoot file for a different domain, which could allow the attacker to access sensitive information contained in the troubleshoot file.