Authentication Bypass

7698 CVEs tagged with this technique

CVE-2025-43414 MEDIUM This Month

A permissions issue was addressed with improved validation. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. Apple's wording indicates a fix has shipped; no vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43413 HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43412 MEDIUM This Month

A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 6.3), this vulnerability has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-43408 LOW Monitor

This issue was addressed by restricting the options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43407 HIGH This Week

This issue was addressed with improved entitlements. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43397 MEDIUM This Month

A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43396 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43387 HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43348 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43336 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43335 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43334 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43322 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43309 LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass iPadOS iPhone OS iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43288 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch reference is listed in this entry.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-34501 HIGH This Month

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. Rated high severity (CVSS 7.0), this vulnerability is scored as requiring no authentication (the fixed credentials are all an attacker needs) and as having low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-63293 MEDIUM POC This Week

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to insecure permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable and has low attack complexity. Public exploit code is available and no vendor patch is available.

Authentication Bypass Rise Ultimate Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12642 MEDIUM PATCH This Month

lighttpd 1.4.80 incorrectly merged trailer fields into the request headers after HTTP request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Because trailers travel inside the chunked body, an intermediary that filters or stamps headers never sees them; a backend that promotes them into the header set after parsing lets an attacker alter how the request is interpreted between frontend and backend servers (HTTP request smuggling and header injection).

Request Smuggling Authentication Bypass Lighttpd
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
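The mechanism in the lighttpd entry above, as an added example (not lighttpd's code): a minimal HTTP/1.1 request parser that decodes a chunked body and its trailer section, with a switch that reproduces the vulnerable behaviour (trailers merged into headers) beside the fix (trailers kept separate, and trailer fields that affect framing, routing or authentication rejected). The reverse proxy model, the `X-Auth-User` header and both request byte strings are constructed for the demonstration and are assumptions, not taken from the advisory.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# RFC 9110 §6.5.1: fields that affect framing, routing, authentication or
# request processing must not be sent as trailers. A backend that promotes
# trailers into the header set after parsing lets the body rewrite the request.
FORBIDDEN_TRAILERS = frozenset({
    "transfer-encoding", "content-length", "host", "trailer", "te", "expect",
    "authorization", "cookie", "content-type", "content-encoding", "range",
})


@dataclass
class Request:
    method: str
    target: str
    headers: dict[str, str]
    body: bytes
    trailers: dict[str, str] = field(default_factory=dict)


def parse_fields(lines: list[bytes]) -> dict[str, str]:
    """Parse 'Name: value' lines into a dict keyed by lower-cased field name."""
    fields: dict[str, str] = {}
    for line in lines:
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed field line: {line!r}")
        fields[name.strip().lower()] = value.strip()
    return fields


def read_chunked(data: bytes) -> tuple[bytes, dict[str, str]]:
    """Decode a chunked body and return (payload, trailer fields)."""
    body, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0].strip(), 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            break
        body += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2
    if data.startswith(b"\r\n", pos):  # empty trailer section
        return bytes(body), {}
    end = data.index(b"\r\n\r\n", pos)
    return bytes(body), parse_fields(data[pos:end].split(b"\r\n"))


def parse_request(raw: bytes, merge_trailers: bool = False) -> Request:
    """merge_trailers=True reproduces the vulnerable behaviour; False is the fix."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    request_line, *field_lines = head.split(b"\r\n")
    method, target, _version = request_line.decode("ascii").split(" ")
    headers = parse_fields(field_lines)
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body, trailers = read_chunked(rest)
    else:
        body, trailers = rest[:int(headers.get("content-length", "0"))], {}
    if merge_trailers:
        headers.update(trailers)  # BUG: bytes from the body now override header values
    else:
        forbidden = FORBIDDEN_TRAILERS.intersection(trailers)
        if forbidden:
            raise ValueError(f"forbidden trailer field(s): {sorted(forbidden)}")
    return Request(method, target, headers, body, trailers)


def frontend_forward(raw: bytes, session_user: str) -> bytes:
    """Hypothetical reverse proxy: authenticates the client, strips any
    client-supplied X-Auth-User header and stamps its own. Like most proxies it
    rewrites only the header block; the chunked body, trailers included, streams through."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = [ln for ln in head.split(b"\r\n") if not ln.lower().startswith(b"x-auth-user:")]
    lines.append(b"X-Auth-User: " + session_user.encode("ascii"))
    return b"\r\n".join(lines) + b"\r\n\r\n" + rest


# Constructed attacker request: the header copy is stripped by the proxy, the
# trailer copy is not. "amount=100" is 10 bytes, hence the chunk size 'a'.
ATTACK = (
    b"POST /account/transfer HTTP/1.1\r\nHost: app.example\r\n"
    b"Transfer-Encoding: chunked\r\nX-Auth-User: admin\r\n\r\n"
    b"a\r\namount=100\r\n0\r\nX-Auth-User: admin\r\n\r\n"
)

# Constructed framing attack: a Content-Length trailer on a chunked request.
FRAMING = (
    b"GET / HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"0\r\nContent-Length: 5\r\n\r\n"
)


def backend_user(raw: bytes, merge_trailers: bool) -> str | None:
    """Identity the backend acts on after the proxy authenticated the client as alice."""
    forwarded = frontend_forward(raw, "alice")
    return parse_request(forwarded, merge_trailers).headers.get("x-auth-user")


if __name__ == "__main__":
    print("vulnerable backend acts as:", backend_user(ATTACK, merge_trailers=True))   # admin
    print("fixed backend acts as:     ", backend_user(ATTACK, merge_trailers=False))  # alice
```

The fix has two parts, and both matter: trailers stay in their own table so nothing upstream of the body can change a header that has already been validated or set by an intermediary, and trailers naming framing or credential fields are rejected outright rather than silently ignored, which is the difference between closing the desync and merely hiding it.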
CVE-2025-8558 LOW Monitor

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration. Rated low severity (CVSS 2.3), this vulnerability requires no authentication and has low attack complexity; the adjacent-network vector limits exposure. No vendor patch reference is listed in this entry.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-36093 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man-in-the-middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-64294 MEDIUM This Month

Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs; version 1.15 is named as affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0987 CRITICAL Act Now

CVLand versions 2.1.0 through 20251103 by CB Project Ltd. Co. permit authenticated attackers to bypass authorization controls via parameter injection, enabling elevated privilege actions and unauthorized access to sensitive data. The CVSS score of 9.9 reflects network-based exploitation with low complexity and a scope change, with high confidentiality and integrity impact. EPSS probability is 0.07% (22nd percentile), indicating relatively low observed exploitation likelihood despite the critical severity rating. No public exploit was identified at time of analysis; the vendor was notified and did not respond.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-48397 HIGH This Month

The privileged user could log in without sufficient credentials after enabling an application protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-12623 LOW Monitor

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-12593 MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable and has low attack complexity. Public exploit code is available and no vendor patch is available.

File Upload PHP Authentication Bypass Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-36367 HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-6574 HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch reference is listed in this entry.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12180 MEDIUM Monitor

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12038 MEDIUM Monitor

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5949 HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12367 MEDIUM Monitor

The SiteSEO - SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11833 CRITICAL This Week

The Post SMTP - Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. The EPSS exploitation probability is 12.8%, and no vendor patch is available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2025-62275 Maven MEDIUM PATCH This Month

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-11816 MEDIUM This Month

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11174 MEDIUM This Month

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12357 MEDIUM This Month

This vulnerability in the Signal Level Attenuation Characterization (SLAC) protocol allows attackers to conduct man-in-the-middle attacks against electric vehicles and ISO 15118-2 compliant chargers by injecting spoofed signal level measurements. SLAC runs over the powerline (HomePlug Green PHY) link carried on the charging cable, so an attacker in close electromagnetic proximity can intercept and manipulate that communication, potentially compromising the confidentiality and integrity of charging transactions. The CVSS score of 6.3 indicates medium severity with low-complexity exploitation, while the EPSS score of 0.03% (6th percentile) suggests minimal observed exploitation likelihood despite the criticality of EV charging infrastructure.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-30189 HIGH PATCH This Week

An authentication cache collision in the Dovecot mail server allows remote attackers to gain unauthorized access to other users' accounts under specific caching configurations. When passdb/userdb caching is enabled, certain drivers incorrectly use identical cache keys for multiple distinct users, so authentication data cached for one user is applied to subsequent login attempts by different users. An attacker can therefore authenticate as another user once a cacheable entry exists, supplying a secret that matches the cached record rather than the victim's. No public exploit was identified at time of analysis. Despite the low EPSS probability (0.03%), the network-accessible attack vector and the potential for unauthorized mailbox access warrant immediate remediation in environments using affected caching configurations.

Dovecot Authentication Bypass Information Disclosure SUSE
NVD
CVSS 3.1
7.4
EPSS
0.0%
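The cache-key collision described in the Dovecot entry above, as an added example (not Dovecot's code): a toy passdb backend with salted PBKDF2 password hashes, an authentication cache whose key function is pluggable, and two key functions side by side, one that ignores the username (the collision) and one that includes it (the fix). The backend records, passwords and driver name are constructed for the demonstration and are assumptions.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional

# Constructed passdb backend standing in for the SQL/LDAP/passwd-file lookup
# that an auth process caches. Iterations are kept low so the demo runs fast;
# a real deployment uses a far higher cost.
PBKDF2_ITERATIONS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _record(user: str, password: str, uid: int) -> dict:
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": _hash(password, salt), "uid": uid}


BACKEND: Dict[str, dict] = {
    "alice": _record("alice", "alice-correct-horse", 1001),
    "bob": _record("bob", "bob-battery-staple", 1002),
}


class AuthCache:
    """passdb result cache. key_fn maps the login name to the cache key; the
    whole vulnerability is a key_fn whose output does not vary with the user."""

    def __init__(self, key_fn: Callable[[str], str]) -> None:
        self.key_fn = key_fn
        self.entries: Dict[str, dict] = {}
        self.backend_lookups = 0

    def passdb_lookup(self, user: str) -> Optional[dict]:
        key = self.key_fn(user)
        if key not in self.entries:
            self.backend_lookups += 1
            record = BACKEND.get(user)
            if record is None:
                return None
            self.entries[key] = record
        return self.entries[key]  # may belong to a different user if keys collide


def authenticate(cache: AuthCache, user: str, password: str) -> Optional[str]:
    """Return the identity the session runs as (the login name), or None."""
    record = cache.passdb_lookup(user)
    if record is None:
        return None
    if not hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
        return None
    # The session identity is the login name; the secret was verified against
    # whatever record the cache returned. Those two must refer to the same user.
    return user


def collided_key(user: str) -> str:
    """Vulnerable: key derived only from the driver/query, shared by every user
    (as when the lookup template contains no username variable)."""
    return "passdb:sql:SELECT password FROM users"


def per_user_key(user: str) -> str:
    """Fixed: the key includes every input that changes the lookup result."""
    return "passdb:sql\x00" + user.lower()


def demo(key_fn: Callable[[str], str]) -> List[Optional[str]]:
    cache = AuthCache(key_fn)
    return [
        authenticate(cache, "alice", "alice-correct-horse"),  # alice logs in, priming the cache
        authenticate(cache, "bob", "alice-correct-horse"),    # alice now tries bob's account with her own password
        authenticate(cache, "bob", "bob-battery-staple"),     # bob's genuine login
    ]


if __name__ == "__main__":
    print("collided key:", demo(collided_key))  # ['alice', 'bob', None]
    print("per-user key:", demo(per_user_key))  # ['alice', None, 'bob']
```

With the collided key the second call succeeds as bob because the cache handed back alice's record, and the third fails because bob's real password no longer matches the cached hash: the same bug is both an account takeover and a lockout. When auditing a cache of this kind, the check to run is whether two distinct users can ever produce the same key; if the key is built from a query template, confirm the template actually references the username (and realm or service, where those change the result).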
CVE-2025-11705 MEDIUM This Month

Arbitrary file read vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) allows authenticated Subscriber-level users to read sensitive files from the server via unprotected AJAX endpoints. The vulnerability combines missing capability checks with information exposure in multiple GOTMLS_* AJAX actions, enabling attackers with minimal WordPress privileges to access arbitrary file contents including configuration files and credentials. No public exploit code has been confirmed at this time, though the vulnerability is trivial to exploit given the low authentication barrier.

Information Disclosure WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62977 MEDIUM This Month

Missing authorization controls in the Baidu SEO Collection WordPress plugin versions up to 2.1.4 allow unauthenticated remote attackers to access restricted functionality and retrieve sensitive information without proper permission checks. The vulnerability affects the plugin's core access control mechanisms, enabling unauthorized information disclosure with a CVSS score of 5.3. EPSS exploitation probability is low at 0.03%, and no active exploitation has been confirmed.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62970 MEDIUM This Month

Link Whisper Free WordPress plugin through version 0.9.2 allows unauthenticated remote attackers to read sensitive information via missing authorization checks on API endpoints. The vulnerability enables bypassing access controls to retrieve data that should be restricted; it is scored CVSS 5.3 with an EPSS exploitation probability of 0.03%. No public exploit code or active exploitation has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62964 HIGH This Week

Broken access control in RealMag777 MDTF (WordPress Meta Data Filter and Taxonomy Filter) plugin versions up to 1.3.6 allows low-privileged authenticated users to bypass authorization controls and access or modify sensitive metadata and taxonomy filter configurations. While rated CVSS 8.1 (High), real-world exploitation risk remains moderate with EPSS at 0.03% (9th percentile) and no confirmed active exploitation or public exploit code identified at time of analysis. This authentication bypass vulnerability was disclosed by Patchstack's security audit team.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-62954 HIGH This Week

Broken access control in Revive Old Posts (tweet-old-post) WordPress plugin through version 9.3.3 allows authenticated attackers with low-level privileges to escalate permissions and execute high-impact operations including data exfiltration, modification, and service disruption. EPSS score of 0.05% (15th percentile) indicates low probability of mass exploitation, though the 8.8 CVSS score reflects significant potential damage once low-privilege access is obtained. No public exploit identified at time of analysis, and no CISA KEV listing exists.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62953 HIGH This Week

Broken access control in Welcart e-Commerce WordPress plugin through version 2.11.24 allows authenticated users to bypass authorization checks and perform unauthorized actions with elevated privileges. Tagged here as an authentication bypass, the underlying weakness is CWE-862 (Missing Authorization): low-privileged authenticated attackers can access, modify, or delete data beyond their permission level, potentially compromising store operations, customer data, and site integrity. EPSS score of 0.05% (15th percentile) suggests low immediate exploitation probability, though no public exploit has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62935 HIGH This Week

Missing authorization controls in the Open Close WooCommerce Store plugin (versions ≤4.9.9) allow authenticated low-privileged users to bypass access restrictions and perform unauthorized high-impact operations, potentially modifying store configuration or accessing sensitive data. With CVSS 8.1 (High severity) but only 0.03% EPSS (9th percentile), this represents a significant vulnerability for affected WordPress/WooCommerce sites, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The authentication requirement (PR:L) substantially limits attack surface compared to unauthenticated vulnerabilities.

WordPress Woocommerce PHP Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-62932 HIGH This Week

WordPress Table Block by RioVizual plugin versions through 3.0.0 contains a broken access control vulnerability allowing authenticated attackers with low privileges to bypass authorization checks and perform high-impact actions including data theft, modification, and service disruption. The CVSS score of 8.8 reflects network-accessible exploitation with low complexity requiring only minimal authentication. EPSS score of 0.05% (15th percentile) suggests low immediate exploitation probability, with no public exploit identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62931 HIGH This Week

Broken access control in MSN Partner Hub WordPress plugin allows authenticated attackers with low privileges to bypass authorization controls and gain unauthorized access to high-privilege functions. This CWE-862 missing authorization flaw affects versions through 2.9, enabling authenticated users to execute actions beyond their intended permission level. EPSS score of 0.05% (15th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Microsoft Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62925 HIGH This Week

Broken access control in Conversios.io WooCommerce analytics plugin (versions ≤7.2.13) allows authenticated low-privilege users to access or modify high-sensitivity data without proper authorization checks. The vulnerability enables privilege escalation where any authenticated user can bypass intended access restrictions to read confidential information or alter plugin settings/data. EPSS score of 0.03% (9th percentile) indicates low predicted exploitation probability; no public exploit identified at time of analysis.

WordPress Woocommerce PHP Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-62919 CRITICAL Act Now

Unauthenticated remote attackers can bypass authorization controls in TS Demo Importer plugin for WordPress (versions ≤0.1.3), enabling high-impact integrity and availability compromise through misconfigured access control. EPSS scoring at 7th percentile (0.07%) suggests low observed exploitation probability. No CISA KEV listing indicates no confirmed active exploitation at time of analysis, though the authentication bypass tag and critical CVSS 9.1 rating warrant immediate attention for exposed WordPress installations.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-62918 HIGH This Week

Broken access control in IgnitionDeck WordPress plugin (versions ≤2.0.15) enables authenticated users to bypass authorization checks and perform unauthorized actions with elevated privileges. The vulnerability requires low-privilege authentication but has low attack complexity (CVSS 8.8, AV:N/AC:L/PR:L), allowing compromise of confidentiality, integrity, and availability. EPSS probability is low (0.05%, 15th percentile), and no public exploit is identified at time of analysis, suggesting limited active targeting despite the high severity rating.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62916 HIGH This Week

Broken access control in WP Flights & Hotels Booking WP Plugin (adiaha-hotel) versions ≤3.1 allows authenticated users with low privileges to bypass authorization checks and gain unauthorized access to high-impact functionality. Attackers can achieve complete compromise of confidentiality, integrity, and availability within the plugin's scope. EPSS score of 0.05% (15th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62889 HIGH This Week

Broken access control in King Addons for Elementor (WordPress plugin) versions through 51.1.61 allows authenticated attackers with low privileges to bypass authorization checks and gain unauthorized access to high-privilege functionality. The CVSS 8.8 score reflects potential for full compromise (high confidentiality, integrity, and availability impact), though the EPSS score of 0.05% (15th percentile) indicates minimal real-world exploitation observed. No public exploit code or CISA KEV listing identified at time of analysis. The vulnerability stems from improperly configured access control security levels (CWE-862: Missing Authorization), enabling privilege escalation by low-privileged users.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62884 MEDIUM This Month

Missing authorization in RelyWP Coupon Affiliates plugin (versions up to 7.2.0) allows unauthenticated remote attackers to access restricted functionality and read sensitive data due to inadequate access control list (ACL) enforcement. The vulnerability requires no authentication and has low attack complexity, enabling attackers to bypass WordPress permission checks and retrieve coupon-related information not intended for public access.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10902 MEDIUM This Month

Originality.ai AI Checker plugin for WordPress allows authenticated attackers with Subscriber-level access to delete all scan result data from the wp_originalityai_log database table due to missing capability checks on the ai_scan_result_remove function in versions up to 1.0.15. The vulnerability enables unauthorized data loss affecting post titles, scan scores, and credit usage records; exploitation requires only standard WordPress authentication and no user interaction.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10901 MEDIUM This Month

Originality.ai AI Checker WordPress plugin versions up to 1.0.16 allow authenticated Subscriber-level users to read sensitive data from the wp_originalityai_log database table due to missing capability checks on the 'ai_get_table' AJAX function. An attacker with basic WordPress account privileges can access post titles, scan scores, credit usage, and other logged information without authorization. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10749 MEDIUM This Month

Arbitrary media deletion in Microsoft Azure Storage for WordPress plugin versions up to 4.5.1 allows authenticated subscribers and above to delete any media files from the WordPress Media Library due to missing capability checks on the 'azure-storage-media-replace' AJAX action. The vulnerability requires access to a nonce, but that nonce is exposed to all authenticated users; a nonce only defends against cross-site request forgery and is no substitute for a capability check, so low-privilege attackers can perform unauthorized file deletion with no user interaction required. No public exploit code has been identified at the time of analysis.

WordPress Microsoft Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52757 MEDIUM This Month

Unauthenticated attackers can bypass access controls in SUMO Memberships for WooCommerce versions below 7.8.0 to perform unauthorized actions including content modification and deletion through incorrectly configured membership level enforcement. The vulnerability requires user interaction (UI:R) but affects confidentiality, integrity, and availability of protected content. No public exploit code or active exploitation has been confirmed; no vendor patch reference is listed in this entry.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-49952 MEDIUM This Month

Authorization bypass in Houzez WordPress theme versions up to 4.2.5 allows authenticated users to access or modify resources they should not have permission to reach through insecure direct object reference (IDOR) vulnerabilities. An authenticated attacker with low privileges can exploit inadequately configured access controls to view or modify data belonging to other users, achieving limited information disclosure and integrity compromise. The vulnerability is not confirmed as actively exploited, though the attack vector is network-based with low complexity.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-48044 HIGH GHSA This Week

Authorization bypass in Ash Framework (Elixir) versions 3.6.3 through 3.7.0 allows low-privileged authenticated attackers to bypass authorization policies and gain unauthorized access to high-confidentiality and high-integrity resources. The flaw resides in the policy expression evaluation logic (lib/ash/policy/policy.ex), enabling attackers to circumvent intended access controls. The fix is public (GitHub commit 8b83efa225f657bfc3656ad8ee8485f9b2de923d); that is a patch reference, not exploit code, and no public exploit has been identified. With CVSS 8.6 (CVSS 4.0), low attack complexity and a network attack vector, this presents significant risk to Elixir applications using vulnerable Ash versions. EPSS data was not provided; no CISA KEV status confirmed at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11895 MEDIUM This Month

Authenticated subscribers in the Binary MLM Plan WordPress plugin up to version 5.0 can access other users' payout summaries through an insecure direct object reference (IDOR) in the /bmp-account-detail/ endpoint. The vulnerability stems from the bmp_user_payout_detail_of_current_user() function failing to verify payout record ownership before returning data, allowing any authenticated user with the bmp_user role to enumerate and view arbitrary payout details by manipulating the payout-id parameter. This is a limited information disclosure (CVSS 4.3, medium) affecting MLM WordPress sites; no public exploit code or active exploitation has been confirmed.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
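The two authorization failures that recur across the WordPress entries above, as one added example (not code from any of the plugins): the missing capability check on an AJAX-style handler guarded only by a nonce (the Azure Storage, Originality.ai, Library Management System and WhyDonate entries) and the missing ownership check that turns a per-user endpoint into an IDOR (the Binary MLM entry). The model below is a hypothetical, framework-agnostic stand-in for the WordPress pieces involved: a site secret for HMAC nonces, a role-to-capability map, and two plugin tables. Handler names, role names, capability names and table contents are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Any, Dict, Optional, Tuple

SITE_SECRET = secrets.token_bytes(32)  # hypothetical per-site nonce secret
ROLE_CAPS = {
    "subscriber": {"read"},
    "administrator": {"read", "manage_options", "edit_users"},
}


@dataclass(frozen=True)
class User:
    id: int
    login: str
    role: str


def current_user_can(user: Optional[User], cap: str) -> bool:
    return user is not None and cap in ROLE_CAPS.get(user.role, set())


def create_nonce(user: Optional[User], action: str) -> str:
    uid = user.id if user else 0  # nonces are issued to anonymous visitors too
    return hmac.new(SITE_SECRET, f"{uid}|{action}".encode(), hashlib.sha256).hexdigest()[:12]


def verify_nonce(user: Optional[User], action: str, nonce: str) -> bool:
    return hmac.compare_digest(create_nonce(user, action), nonce)


class Forbidden(Exception):
    pass


# Constructed plugin tables: per-user payout records and a site-wide scan log.
PAYOUTS = {101: {"owner_id": 1, "amount": 250.00}, 102: {"owner_id": 2, "amount": 9800.00}}
SCAN_LOG = {"1": {"title": "Q3 report"}, "2": {"title": "Draft"}}


def vulnerable_payout_detail(user: Optional[User], params: Dict[str, str]) -> dict:
    """Nonce only: proves the request came from a page served to this caller,
    which every logged-in user can obtain. Nothing checks whose record this is."""
    if not verify_nonce(user, "payout_detail", params.get("_wpnonce", "")):
        raise Forbidden("invalid nonce")
    return PAYOUTS[int(params["payout_id"])]  # IDOR: any id, any owner


def hardened_payout_detail(user: Optional[User], params: Dict[str, str]) -> dict:
    if not verify_nonce(user, "payout_detail", params.get("_wpnonce", "")):
        raise Forbidden("invalid nonce")
    if not current_user_can(user, "read"):  # also rejects anonymous callers
        raise Forbidden("login required")
    record = PAYOUTS.get(int(params["payout_id"]))
    # Object-level check: the record must belong to the caller, unless the
    # caller holds a capability that legitimately spans all users.
    if record is None or (record["owner_id"] != user.id and not current_user_can(user, "edit_users")):
        raise Forbidden("not your payout")
    return record


def vulnerable_clear_log(user: Optional[User], params: Dict[str, str], table: dict) -> int:
    """Destructive action gated only by the nonce: any subscriber can wipe the table."""
    if not verify_nonce(user, "clear_log", params.get("_wpnonce", "")):
        raise Forbidden("invalid nonce")
    removed = len(table)
    table.clear()
    return removed


def hardened_clear_log(user: Optional[User], params: Dict[str, str], table: dict) -> int:
    if not verify_nonce(user, "clear_log", params.get("_wpnonce", "")):
        raise Forbidden("invalid nonce")
    if not current_user_can(user, "manage_options"):  # administrative action, administrative capability
        raise Forbidden("insufficient capability")
    removed = len(table)
    table.clear()
    return removed


def demo() -> Dict[str, Tuple[str, Any]]:
    bob, admin = User(2, "bob", "subscriber"), User(3, "admin", "administrator")

    def attempt(handler, user, params, *extra):
        try:
            return ("allowed", handler(user, params, *extra))
        except Forbidden as exc:
            return ("denied", str(exc))

    steal = {"payout_id": "101", "_wpnonce": create_nonce(bob, "payout_detail")}  # alice's record, bob's valid nonce
    own = {"payout_id": "102", "_wpnonce": create_nonce(bob, "payout_detail")}
    anon = {"payout_id": "101", "_wpnonce": create_nonce(None, "payout_detail")}
    return {
        "vuln_idor": attempt(vulnerable_payout_detail, bob, steal),
        "hard_idor": attempt(hardened_payout_detail, bob, steal),
        "hard_own": attempt(hardened_payout_detail, bob, own),
        "hard_anonymous": attempt(hardened_payout_detail, None, anon),
        "vuln_clear_subscriber": attempt(vulnerable_clear_log, bob, {"_wpnonce": create_nonce(bob, "clear_log")}, dict(SCAN_LOG)),
        "hard_clear_subscriber": attempt(hardened_clear_log, bob, {"_wpnonce": create_nonce(bob, "clear_log")}, dict(SCAN_LOG)),
        "hard_clear_admin": attempt(hardened_clear_log, admin, {"_wpnonce": create_nonce(admin, "clear_log")}, dict(SCAN_LOG)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} {outcome}")
```

Three separate questions have to be answered before a handler touches data: is this request genuine (nonce, which only stops CSRF), is this caller allowed to perform this class of action (capability check), and is this caller allowed to act on this particular object (ownership check). The vulnerable handlers answer only the first; each plugin entry above is missing the second, the third, or both.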
CVE-2025-10850 CRITICAL Act Now

Authentication bypass in Felan Framework WordPress plugin versions up to 1.1.4 enables unauthenticated attackers to impersonate any user account registered via Facebook or Google social login. Hardcoded passwords in fb_ajax_login_or_register and google_ajax_login_or_register functions allow complete account takeover of affected users without requiring credentials. Exploitable remotely without user interaction. CVSS 9.8 Critical severity. No public exploit identified at time of analysis.

Google WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10648 MEDIUM This Month

Unauthenticated attackers can read sensitive profile data from the latest SSO login in the YourMembership Single Sign On (YM SSO Login) WordPress plugin through version 1.1.7 due to a missing capability check on the 'moym_display_test_attributes' function. The vulnerability allows remote, unauthenticated access to confidential user information without any user interaction, presenting a direct information disclosure risk. No active exploitation has been confirmed at the time of analysis, though the low attack complexity and CVSS score of 5.3 indicate moderate real-world risk.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10303 MEDIUM This Month

Library Management System plugin for WordPress versions up to 3.1 allows authenticated Subscriber-level users to modify plugin settings and features due to missing capability checks in the owt7_library_management_ajax_handler() AJAX function. An attacker with minimal WordPress account privileges can remotely manipulate plugin configuration without administrative authorization, leading to unauthorized changes to library data and system behavior. No active exploitation or public exploit code has been identified at this time.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10299 HIGH This Week

WPBifröst WordPress plugin through version 1.0.7 allows low-privileged authenticated users to escalate to full administrative access. Subscribers and higher roles can exploit a missing capability check in the ctl_create_link AJAX handler to create new administrator accounts and immediately log in with full site control. With CVSS 8.8 (High) and EPSS data unavailable, severity is driven by the low privilege requirement (PR:L) and complete system compromise (C:H/I:H/A:H). No public exploit identified at time of analysis, and not listed in CISA KEV, but the attack is trivially automatable once an attacker holds any authenticated role.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10186 MEDIUM This Month

Unauthenticated attackers can delete rows from the wp_wdplugin_style database table in the WhyDonate WordPress plugin (versions up to 4.0.15) due to a missing capability check on the remove_row function. This allows unauthorized modification of site styling configuration without authentication, impacting data integrity for affected WordPress installations. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11716 MEDIUM PATCH This Month

Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (a link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.

Mozilla Google Authentication Bypass Thunderbird Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48043 HIGH GHSA This Week

Authentication bypass in Ash framework (Elixir) allows authenticated users to escalate privileges and access unauthorized data by exploiting incorrect authorization checks in the policy authorizer. Affects all versions before 3.6.2. EPSS data not yet available for this recent CVE. No confirmed active exploitation (CISA KEV status: not listed), though the issue is tagged as Authentication Bypass with a GitHub security advisory indicating vendor awareness and patching.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-4615 MEDIUM This Month

Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.

Paloalto RCE Authentication Bypass Command Injection Pan Os
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11561 HIGH PATCH This Week

A privilege escalation vulnerability exists in the integration between Active Directory and the System Security Services Daemon (SSSD) on Linux systems, where an attacker with permissions to modify AD attributes can impersonate privileged users by exploiting a fallback mechanism in the Kerberos authentication plugin. The vulnerability affects domain-joined Linux hosts running SSSD in default configurations and allows attackers to gain unauthorized access with high privileges. With a low EPSS score of 0.05% and no KEV listing, this appears to be a theoretical risk requiring existing AD permissions rather than an actively exploited vulnerability.

Authentication Bypass Privilege Escalation Linux Redhat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11522 CRITICAL Act Now

Unauthenticated attackers bypass authentication and gain complete account access, including administrator privileges, in Search & Go - Directory WordPress Theme versions ≤2.7 when Facebook login functionality is enabled. Exploitation requires no user interaction and no authentication. The vulnerability stems from insufficient user validation in the search_and_go_elated_check_facebook_user() function, allowing arbitrary account takeover. No public exploit identified at time of analysis. This issue is remotely exploitable over the network with low attack complexity.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-53607 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUG_ON in probe function The snd_dma_buffer.bytes field now contains the aligned size, which this snd_BUG_ON() did not account for, resulting in the...

Authentication Bypass Linux Redhat Suse Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9485 CRITICAL Act Now

Cryptographic signature bypass in OAuth SSO WordPress plugin. EPSS 0.65%.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-9243 HIGH This Week

A security vulnerability in Cost Calculator Builder (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-9029 MEDIUM This Month

A security vulnerability in Widget Builder (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-11228 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Authentication Bypass WordPress Givewp PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11227 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.

Authentication Bypass Information Disclosure WordPress Givewp PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10746 MEDIUM This Month

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate the plugin, tamper with OAuth configuration, and trigger test connections that expose sensitive data via direct request to vulnerable endpoints, provided they can craft malicious requests with specific parameters.

Authentication Bypass Information Disclosure WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-61673 HIGH PATCH This Week

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-59943 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Authentication Bypass Privilege Escalation Phpmyfaq
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-10696 MEDIUM POC This Month

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added 'supervised' users. This breaks the authorization model and filters the content of other users' tickets. This issue affects OpenSupports: 4.11.0.

Authentication Bypass Opensupports
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57714 HIGH PATCH This Week

An unquoted search path or element vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Authentication Bypass Netbak Replicator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54154 MEDIUM PATCH This Month

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later.

Authentication Bypass Qnap Authenticator
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-56551 HIGH POC This Week

A security vulnerability in DirectAdmin (CVSS 8.2) that is exploitable by unauthorized attackers. Risk factors: public PoC available.

Authentication Bypass Directadmin
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-10609 MEDIUM PATCH This Month

Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

Authentication Bypass
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-9209 CRITICAL Act Now

Auth bypass in RestroPress WordPress ordering plugin 3.0.0-3.1.9.2.

Authentication Bypass Information Disclosure WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-9194 MEDIUM This Month

A security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49641 MEDIUM PATCH This Month

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

Authentication Bypass Ubuntu Debian Zabbix Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27236 MEDIUM PATCH This Month

A regular Zabbix user can search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

Authentication Bypass Ubuntu Debian Zabbix Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10212 MEDIUM This Month

CVE-2025-10212 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass PHP WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6388 CRITICAL Act Now

Auth bypass in Spirit Framework WordPress plugin <= 1.2.14. EPSS 0.46%.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-22862 MEDIUM This Month

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

Authentication Bypass Fortinet Fortios Fortiproxy
NVD
CVSS 3.1
6.7
EPSS
0.0%
EPSS 0% CVSS 6.2
MEDIUM This Month

A permissions issue was addressed with improved validation. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed with improved entitlements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rise Ultimate Project Manager
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Lighttpd
NVD GitHub
EPSS 0% CVSS 2.3
LOW Monitor

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.1.15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

CVLand versions 2.1.0 through 20251103 by CB Project Ltd. Co. permit authenticated attackers to bypass authorization controls via parameter injection, enabling elevated privilege actions and unauthorized access to sensitive data. The CVSS score of 9.9 reflects network-based exploitation with low complexity and scope change allowing high confidentiality and integrity impact. EPSS probability is 0.07% (22nd percentile), indicating relatively low observed exploitation likelihood despite the critical severity rating. No public exploit identified at time of analysis, though the vendor was notified and did not respond.

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Month

The privileged user could log in without sufficient credentials after enabling an application protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 2.3
LOW Monitor

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The SiteSEO - SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 13% CVSS 9.8
CRITICAL This Week

The Post SMTP - Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 12.8% and no vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

This vulnerability in the Signal Level Attenuation Characterization (SLAC) protocol allows attackers to conduct man-in-the-middle attacks against electric vehicles and ISO 15118-2 compliant chargers by injecting spoofed signal level measurements. An attacker within close electromagnetic proximity can intercept and manipulate the wireless communication between EVs and chargers, potentially compromising the confidentiality and integrity of charging transactions. While the CVSS score of 6.3 indicates medium severity with low complexity exploitation, the EPSS score of 0.03% (6th percentile) suggests minimal real-world exploitation likelihood despite the critical nature of EV charging infrastructure.

Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authentication cache collision in Dovecot mail server allows remote attackers to gain unauthorized access to other users' accounts under specific caching configurations. When passdb/userdb caching is enabled, certain drivers incorrectly use identical cache keys for multiple distinct users, causing authentication data from one user to be applied to subsequent login attempts by different users. This vulnerability enables attackers to authenticate as other users after the legitimate user's credentials are cached, with no public exploit identified at time of analysis. Despite low EPSS probability (0.03%), the network-accessible attack vector and potential for unauthorized email access warrants immediate remediation in environments using affected caching configurations.

Dovecot Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Arbitrary file read vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) allows authenticated Subscriber-level users to read sensitive files from the server via unprotected AJAX endpoints. The vulnerability combines missing capability checks with information exposure in multiple GOTMLS_* AJAX actions, enabling attackers with minimal WordPress privileges to access arbitrary file contents including configuration files and credentials. No public exploit code has been confirmed at this time, though the vulnerability is trivial to exploit given the low authentication barrier.

Information Disclosure WordPress Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization controls in the Baidu SEO Collection WordPress plugin versions up to 2.1.4 allow unauthenticated remote attackers to access restricted functionality and retrieve sensitive information without proper permission checks. The vulnerability affects the plugin's core access control mechanisms, enabling unauthorized information disclosure with a CVSS score of 5.3. EPSS exploitation probability is low at 0.03%, and no active exploitation has been confirmed.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Link Whisper Free WordPress plugin through version 0.9.2 allows unauthenticated remote attackers to read sensitive information via missing authorization checks on API endpoints. The vulnerability enables bypassing access controls to retrieve data that should be restricted, confirmed with CVSS 5.3 and EPSS 0.03% exploitation probability. No public exploit code or active exploitation has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Broken access control in RealMag777 MDTF (WordPress Meta Data Filter and Taxonomy Filter) plugin versions up to 1.3.6 allows low-privileged authenticated users to bypass authorization controls and access or modify sensitive metadata and taxonomy filter configurations. While rated CVSS 8.1 (High), real-world exploitation risk remains moderate with EPSS at 0.03% (9th percentile) and no confirmed active exploitation or public exploit code identified at time of analysis. This authentication bypass vulnerability was disclosed by Patchstack's security audit team.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in Revive Old Posts (tweet-old-post) WordPress plugin through version 9.3.3 allows authenticated attackers with low-level privileges to escalate permissions and execute high-impact operations including data exfiltration, modification, and service disruption. EPSS score of 0.05% (15th percentile) indicates low probability of mass exploitation, though the 8.8 CVSS score reflects significant potential damage once low-privilege access is obtained. No public exploit identified at time of analysis, and no CISA KEV listing exists.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in Welcart e-Commerce WordPress plugin through version 2.11.24 allows authenticated users to bypass authorization checks and perform unauthorized actions with elevated privileges. This authentication bypass vulnerability (CWE-862) enables low-privileged authenticated attackers to access, modify, or delete data beyond their permission level, potentially compromising store operations, customer data, and site integrity. EPSS score of 0.05% (15th percentile) suggests low immediate exploitation probability, though no public exploit has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Missing authorization controls in the Open Close WooCommerce Store plugin (versions ≤4.9.9) allow authenticated low-privileged users to bypass access restrictions and perform unauthorized high-impact operations, potentially modifying store configuration or accessing sensitive data. With CVSS 8.1 (High severity) but only 0.03% EPSS (9th percentile), this represents a significant vulnerability for affected WordPress/WooCommerce sites, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The authentication requirement (PR:L) substantially limits attack surface compared to unauthenticated vulnerabilities.

WordPress Woocommerce PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

WordPress Table Block by RioVizual plugin versions through 3.0.0 contains a broken access control vulnerability allowing authenticated attackers with low privileges to bypass authorization checks and perform high-impact actions including data theft, modification, and service disruption. The CVSS score of 8.8 reflects network-accessible exploitation with low complexity requiring only minimal authentication. EPSS score of 0.05% (15th percentile) suggests low immediate exploitation probability, with no public exploit identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in MSN Partner Hub WordPress plugin allows authenticated attackers with low privileges to bypass authorization controls and gain unauthorized access to high-privilege functions. This CWE-862 missing authorization flaw affects versions through 2.9, enabling authenticated users to execute actions beyond their intended permission level. EPSS score of 0.05% (15th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Microsoft Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Broken access control in Conversios.io WooCommerce analytics plugin (versions ≤7.2.13) allows authenticated low-privilege users to access or modify high-sensitivity data without proper authorization checks. The vulnerability enables privilege escalation where any authenticated user can bypass intended access restrictions to read confidential information or alter plugin settings/data. EPSS score of 0.03% (9th percentile) indicates low predicted exploitation probability; no public exploit identified at time of analysis.

WordPress Woocommerce PHP +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unauthenticated remote attackers can bypass authorization controls in TS Demo Importer plugin for WordPress (versions ≤0.1.3), enabling high-impact integrity and availability compromise through misconfigured access control. EPSS scoring at 7th percentile (0.07%) suggests low observed exploitation probability. No CISA KEV listing indicates no confirmed active exploitation at time of analysis, though the authentication bypass tag and critical CVSS 9.1 rating warrant immediate attention for exposed WordPress installations.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in IgnitionDeck WordPress plugin (versions ≤2.0.15) enables authenticated users to bypass authorization checks and perform unauthorized actions with elevated privileges. The vulnerability requires low-privilege authentication but has low attack complexity (CVSS 8.8, AV:N/AC:L/PR:L), allowing compromise of confidentiality, integrity, and availability. EPSS probability is low (0.05%, 15th percentile), and no public exploit is identified at time of analysis, suggesting limited active targeting despite the high severity rating.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in WP Flights & Hotels Booking WP Plugin (adiaha-hotel) versions ≤3.1 allows authenticated users with low privileges to bypass authorization checks and gain unauthorized access to high-impact functionality. Attackers can achieve complete compromise of confidentiality, integrity, and availability within the plugin's scope. EPSS score of 0.05% (15th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Broken access control in King Addons for Elementor (WordPress plugin) versions through 51.1.61 allows authenticated attackers with low privileges to bypass authorization checks and gain unauthorized access to high-privilege functionality. The CVSS 8.8 score reflects potential for full compromise (high confidentiality, integrity, and availability impact), though the EPSS score of 0.05% (15th percentile) indicates minimal real-world exploitation observed. No public exploit code or CISA KEV listing identified at time of analysis. The vulnerability stems from improperly configured access control security levels (CWE-862: Missing Authorization), enabling privilege escalation by low-privileged users.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in RelyWP Coupon Affiliates plugin (versions up to 7.2.0) allows unauthenticated remote attackers to access restricted functionality and read sensitive data due to inadequate access control list (ACL) enforcement. The vulnerability requires no authentication and has low attack complexity, enabling attackers to bypass WordPress permission checks and retrieve coupon-related information not intended for public access.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Originality.ai AI Checker plugin for WordPress allows authenticated attackers with Subscriber-level access to delete all scan result data from the wp_originalityai_log database table due to missing capability checks on the ai_scan_result_remove function in versions up to 1.0.15. The vulnerability enables unauthorized data loss affecting post titles, scan scores, and credit usage records; exploitation requires only standard WordPress authentication and no user interaction.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Originality.ai AI Checker WordPress plugin versions up to 1.0.16 allow authenticated Subscriber-level users to read sensitive data from the wp_originalityai_log database table due to missing capability checks on the 'ai_get_table' AJAX function. An attacker with basic WordPress account privileges can access post titles, scan scores, credit usage, and other logged information without authorization. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary media deletion in Microsoft Azure Storage for WordPress plugin versions up to 4.5.1 allows authenticated subscribers and above to delete any media files from the WordPress Media Library due to missing capability checks on the 'azure-storage-media-replace' AJAX action. The vulnerability requires access to a nonce that is exposed to all authenticated users, enabling low-privilege attackers to perform unauthorized file deletion with no user interaction required. No public exploit code has been identified at the time of analysis.

WordPress Microsoft Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Unauthenticated attackers can bypass access controls in SUMO Memberships for WooCommerce versions below 7.8.0 to perform unauthorized actions including content modification and deletion through incorrectly configured membership level enforcement. The vulnerability requires user interaction (UI:R) but affects confidentiality, integrity, and availability of protected content. No public exploit code or active exploitation has been confirmed.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Authorization bypass in Houzez WordPress theme versions up to 4.2.5 allows authenticated users to access or modify resources they should not have permission to reach through insecure direct object reference (IDOR) vulnerabilities. An authenticated attacker with low privileges can exploit inadequately configured access controls to view or modify data belonging to other users, achieving limited information disclosure and integrity compromise. The vulnerability is not confirmed as actively exploited, though the attack vector is network-based with low complexity.

WordPress PHP Authentication Bypass
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Authentication bypass in Ash Framework (Elixir) versions 3.6.3 through 3.7.0 allows low-privileged authenticated attackers to bypass authorization policies and gain unauthorized access to high-confidentiality and high-integrity resources. The flaw resides in the policy expression evaluation logic (lib/ash/policy/policy.ex), enabling attackers to circumvent intended access controls. Publicly available exploit code exists (GitHub commit 8b83efa225f657bfc3656ad8ee8485f9b2de923d references the fix), and with CVSS 8.6 (CVSS 4.0) featuring low attack complexity and network attack vector, this presents significant risk to Elixir applications using vulnerable Ash versions. EPSS data not provided; no CISA KEV status confirmed at time of analysis.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Authenticated subscribers in the Binary MLM Plan WordPress plugin up to version 5.0 can access other users' payout summaries through insecure direct object reference (IDOR) in the /bmp-account-detail/ endpoint. The vulnerability stems from the bmp_user_payout_detail_of_current_user() function failing to verify payout record ownership before returning data, allowing any authenticated user with the bmp_user role to enumerate and view arbitrary payout details by manipulating the payout-id parameter. This is a low-severity information disclosure affecting MLM WordPress sites; no public exploit code or active exploitation has been confirmed.

WordPress Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in Felan Framework WordPress plugin versions up to 1.1.4 enables unauthenticated attackers to impersonate any user account registered via Facebook or Google social login. Hardcoded passwords in fb_ajax_login_or_register and google_ajax_login_or_register functions allow complete account takeover of affected users without requiring credentials. Exploitable remotely without user interaction. CVSS 9.8 Critical severity. No public exploit identified at time of analysis.

Google WordPress Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated attackers can read sensitive profile data from the latest SSO login in the YourMembership Single Sign On (YM SSO Login) WordPress plugin through version 1.1.7 due to a missing capability check on the 'moym_display_test_attributes' function. The vulnerability allows remote, unauthenticated access to confidential user information without any user interaction, presenting a direct information disclosure risk. No active exploitation has been confirmed at the time of analysis, though the low attack complexity and CVSS score of 5.3 indicate moderate real-world risk.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Library Management System plugin for WordPress versions up to 3.1 allows authenticated Subscriber-level users to modify plugin settings and features due to missing capability checks in the owt7_library_management_ajax_handler() AJAX function. An attacker with minimal WordPress account privileges can remotely manipulate plugin configuration without administrative authorization, leading to unauthorized changes to library data and system behavior. No active exploitation or public exploit code has been identified at this time.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 8.8
HIGH This Week

WPBifröst WordPress plugin through version 1.0.7 allows low-privileged authenticated users to escalate to full administrative access. Subscribers and higher roles can exploit a missing capability check in the ctl_create_link AJAX handler to create new administrator accounts and immediately log in with full site control. With CVSS 8.8 (High) and EPSS data unavailable, severity is driven by the low privilege requirement (PR:L) and complete system compromise (C:H/I:H/A:H). No public exploit identified at time of analysis, and not listed in CISA KEV, but the attack is trivially automatable once an attacker holds any authenticated role.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated attackers can delete rows from the wp_wdplugin_style database table in the WhyDonate WordPress plugin (versions up to 4.0.15) due to a missing capability check on the remove_row function. This allows unauthorized modification of site styling configuration without authentication, impacting data integrity for affected WordPress installations. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.

Mozilla Google Authentication Bypass +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Authentication bypass in Ash framework (Elixir) allows authenticated users to escalate privileges and access unauthorized data by exploiting incorrect authorization checks in the policy authorizer. Affects all versions before 3.6.2. EPSS data not yet available for this recent CVE. No confirmed active exploitation (CISA KEV status: not listed), though the issue is tagged as Authentication Bypass with a GitHub security advisory indicating vendor awareness and patching.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.

Paloalto RCE Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A privilege escalation vulnerability exists in the integration between Active Directory and the System Security Services Daemon (SSSD) on Linux systems, where an attacker with permissions to modify AD attributes can impersonate privileged users by exploiting a fallback mechanism in the Kerberos authentication plugin. The vulnerability affects domain-joined Linux hosts running SSSD in default configurations and allows attackers to gain unauthorized access with high privileges. With a low EPSS score of 0.05% and no KEV listing, this appears to be a theoretical risk requiring existing AD permissions rather than an actively exploited vulnerability.

Authentication Bypass Privilege Escalation Linux +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated attackers bypass authentication and gain complete account access, including administrator privileges, in Search & Go - Directory WordPress Theme versions ≤2.7 when Facebook login functionality is enabled. Exploitation requires no user interaction and no authentication. The vulnerability stems from insufficient user validation in the search_and_go_elated_check_facebook_user() function, allowing arbitrary account takeover. No public exploit identified at time of analysis. This issue is remotely exploitable over the network with low attack complexity.

WordPress Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUG_ON in probe function The snd_dma_buffer.bytes field now contains the aligned size, which this snd_BUG_ON() did not account for, resulting in the...

Authentication Bypass Linux Redhat +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cryptographic signature bypass in OAuth SSO WordPress plugin. EPSS 0.65%.

Authentication Bypass WordPress PHP
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A security vulnerability in Cost Calculator Builder (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Authentication Bypass WordPress
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A security vulnerability in Widget Builder (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Authentication Bypass WordPress Givewp +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.

Authentication Bypass Information Disclosure WordPress +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate the plugin, tamper with OAuth configuration, and trigger test connections that expose sensitive data via direct request to vulnerable endpoints granted they can craft malicious requests with specific parameters.

Authentication Bypass Information Disclosure WordPress +1
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Authentication Bypass Privilege Escalation Phpmyfaq
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added 'supervised' users. This breaks the authorization model and leaks the content of other users' tickets. This issue affects OpenSupports: 4.11.0.

Authentication Bypass Opensupports
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An unquoted search path or element vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Authentication Bypass Netbak Replicator
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later.

Authentication Bypass Qnap Authenticator
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

A security vulnerability in DirectAdmin (CVSS 8.2) that allows unauthorized attackers. Risk factors: public PoC available.

Authentication Bypass Directadmin
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Auth bypass in RestroPress WordPress ordering plugin 3.0.0-3.1.9.2.

Authentication Bypass Information Disclosure WordPress +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A security vulnerability in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

Authentication Bypass Ubuntu Debian +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A regular Zabbix user can search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

Authentication Bypass Ubuntu Debian +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-10212 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass PHP WordPress
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Auth bypass in Spirit Framework WordPress plugin <= 1.2.14. EPSS 0.46%.

Authentication Bypass WordPress PHP
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

Authentication Bypass Fortinet Fortios +1
NVD