Total
607 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1411 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-01-30 | 5.9 MEDIUM | 6.1 MEDIUM |
| A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1702 | 2026-01-30 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14503 | 1 Amazon | 1 Harmonix | 2026-01-30 | N/A | 7.2 HIGH |
| An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1. | |||||
| CVE-2025-67953 | 2026-01-29 | N/A | 8.1 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44. | |||||
| CVE-2026-1597 | 2026-01-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1550 | 2026-01-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-67966 | 2026-01-29 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | |||||
| CVE-2025-68027 | 2026-01-28 | N/A | 7.3 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. | |||||
| CVE-2025-68869 | 2026-01-28 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01. | |||||
| CVE-2024-54383 | 1 Wpwebelite | 1 Woocommerce Pdf Vouchers | 2026-01-28 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | |||||
| CVE-2025-69183 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | |||||
| CVE-2025-69182 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. | |||||
| CVE-2026-1141 | 1 Phpgurukul | 1 News Portal | 2026-01-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-50007 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4. | |||||
| CVE-2025-69293 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. | |||||
| CVE-2025-69292 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. | |||||
| CVE-2026-1193 | 2026-01-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1112 | 2026-01-26 | 5.5 MEDIUM | 5.4 MEDIUM | ||
| A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1106 | 2026-01-26 | 5.5 MEDIUM | 5.4 MEDIUM | ||
| A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-23800 | 2026-01-26 | N/A | 10.0 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0. | |||||