CWE-266

CVE-2026-3668LOWCVSS 3.1EG 3.1

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack…

CVE-2026-3669MEDIUMCVSS 5.3EG 5.3

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the at…

CVE-2026-3670MEDIUMCVSS 5.3EG 5.3

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed…

CVE-2026-3671LOWCVSS 3.3EG 3.3

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The e…

CVE-2026-3674MEDIUMCVSS 5.3EG 5.3

A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to imp…

CVE-2026-3675MEDIUMCVSS 5.3EG 5.3

A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. …

CVE-2026-3724MEDIUMCVSS 6.3EG 6.3

A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The…

CVE-2026-3734HIGHCVSS 7.3EG 7.3

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It i…

CVE-2026-3737MEDIUMCVSS 6.3EG 6.3

A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper a…

CVE-2026-3738MEDIUMCVSS 6.3EG 6.3

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorizatio…

CVE-2026-3761MEDIUMCVSS 5.4EG 5.4

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of…

CVE-2026-3762HIGHCVSS 7.3EG 7.3

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id c…

CVE-2026-3764HIGHCVSS 7.3EG 7.3

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id l…

CVE-2026-3796MEDIUMCVSS 5.3EG 5.3

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be…

2026-03-09

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead…

CVE-2026-39470HIGHCVSS 7.2EG 7.2

CVE-2026-39579HIGHCVSS 8.8EG 8.8

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions. Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.

CVE-2026-39583CRITICALCVSS 9.8EG 9.8

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

CVE-2026-39587HIGHCVSS 8.1EG 8.1

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

CVE-2026-4013MEDIUMCVSS 6.3EG 6.3

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

2026-03-12

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched re…

CVE-2026-40869HIGHCVSS 7.5EG 7.5

2026-04-21

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users…

CVE-2026-4180HIGHCVSS 7.3EG 7.3

2026-03-16

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The att…

CVE-2026-4193HIGHCVSS 7.3EG 7.3

2026-03-16

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflict…

CVE-2026-4194HIGHCVSS 7.3EG 7.3

2026-03-16

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-…

CVE-2026-42368CRITICALCVSS 9.9EG 9.9

2026-05-04

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this v…

CVE-2026-42680CRITICALCVSS 9.8EG 9.8

2026-06-01

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.

CVE-2026-42731CRITICALCVSS 9.8EG 9.8

2026-05-27

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.

CVE-2026-42758CRITICALCVSS 9.8EG 9.8

2026-05-27

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.

CVE-2026-43510HIGHCVSS 7.6EG 7.6

2026-05-07

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

CVE-2026-43535MEDIUMCVSS 6.8EG 6.8

2026-05-05

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by se…

CVE-2026-44997MEDIUMCVSS 4.3EG 4.3

2026-05-11

OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. A…

CVE-2026-4514MEDIUMCVSS 6.3EG 6.3

2026-03-21

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can l…

CVE-2026-45216HIGHCVSS 8.8EG 8.8

2026-05-25

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

CVE-2026-4548MEDIUMCVSS 6.3EG 6.3

2026-03-22

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in imprope…

CVE-2026-4617HIGHCVSS 7.3EG 7.3

2026-03-24

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Execu…

CVE-2026-47169HIGHCVSS 7.5EG 7.5

2026-06-11

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole featu…

CVE-2026-48172CRITICALCVSS 10.0EG 10.0⚠ KEV

2026-05-21

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr…

CVE-2026-4824HIGHCVSS 7.0EG 7.0

2026-03-25

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege manageme…

CVE-2026-48879CRITICALCVSS 9.8EG 9.8

2026-06-01

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.

CVE-2026-48889HIGHCVSS 8.8EG 8.8

CVE-2026-49060CRITICALCVSS 9.8EG 9.8

Subscriber Privilege Escalation in Amelia <= 2.3 versions. Subscriber Privilege Escalation in Amelia <= 2.3 versions.

2026-06-11

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

CVE-2026-49063HIGHCVSS 7.3EG 7.3

CVE-2026-49083HIGHCVSS 7.5EG 7.5

Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

CVE-2026-49111HIGHCVSS 8.8EG 8.8

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

CVE-2026-49780HIGHCVSS 8.8EG 8.8

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0.