Skip to main content

Izooto

1 CVEs product

Monthly

CVE-2026-39673 MEDIUM This Month

Missing authorization in iZooto web push plugin versions 3.7.20 and earlier allows unauthenticated remote attackers to modify data through incorrectly configured access control, compromised integrity without requiring authentication or user interaction. CVSS 5.3 reflects the integrity impact; EPSS 0.02% indicates extremely low real-world exploitation probability despite the straightforward attack vector (AV:N, AC:L, PR:N).

Authentication Bypass Izooto
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in iZooto web push plugin versions 3.7.20 and earlier allows unauthenticated remote attackers to modify data through incorrectly configured access control, compromised integrity without requiring authentication or user interaction. CVSS 5.3 reflects the integrity impact; EPSS 0.02% indicates extremely low real-world exploitation probability despite the straightforward attack vector (AV:N, AC:L, PR:N).

Authentication Bypass Izooto
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy