CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14568 vulnerabilities reference this CWE, most recent first.
GHSA-WJ7C-4F93-R89C
Vulnerability from github – Published: 2023-08-04 00:30 – Updated: 2024-04-04 06:32The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
{
"affected": [],
"aliases": [
"CVE-2023-30950"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-03T22:15:11Z",
"severity": "MODERATE"
},
"details": "The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint",
"id": "GHSA-wj7c-4f93-r89c",
"modified": "2024-04-04T06:32:23Z",
"published": "2023-08-04T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30950"
},
{
"type": "WEB",
"url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ8X-23V3-HGGR
Vulnerability from github – Published: 2025-11-10 15:31 – Updated: 2025-11-10 15:31In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes
{
"affected": [],
"aliases": [
"CVE-2025-64690"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T14:15:44Z",
"severity": "MODERATE"
},
"details": "In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes",
"id": "GHSA-wj8x-23v3-hggr",
"modified": "2025-11-10T15:31:05Z",
"published": "2025-11-10T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64690"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJCR-PCRW-P99X
Vulnerability from github – Published: 2025-04-09 18:30 – Updated: 2026-04-01 18:34Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.
{
"affected": [],
"aliases": [
"CVE-2025-31012"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-09T17:15:33Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.",
"id": "GHSA-wjcr-pcrw-p99x",
"modified": "2026-04-01T18:34:34Z",
"published": "2025-04-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31012"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/age-gate/vulnerability/wordpress-age-gate-3-5-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJG2-C55H-PHF5
Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.
{
"affected": [],
"aliases": [
"CVE-2024-40852"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T00:15:49Z",
"severity": "HIGH"
},
"details": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.",
"id": "GHSA-wjg2-c55h-phf5",
"modified": "2025-11-04T18:31:20Z",
"published": "2024-09-17T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40852"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121250"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJMG-4CQ5-M8HG
Vulnerability from github – Published: 2026-03-11 00:12 – Updated: 2026-03-11 05:46Impact
The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue.
POST /api/v2/shop/orders/{tokenValue}/items
Other mutation endpoints (PUT, PATCH, DELETE) are not affected. API Platform loads the Order entity through the state provider for these operations, which triggers VisitorBasedExtension and returns 404 for unauthorized users.
An attacker who obtains a cart tokenValue can add arbitrary items to another customer's cart. The endpoint returns the full cart representation in the response (HTTP 201), potentially leaking:
- Customer email address
- Cart contents (products, quantities, prices)
- Address data (billing and shipping if set)
- Payment and shipment IDs
- Order totals and tax breakdown
- Checkout state
Patches
The issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3, and above.
Workarounds
Add an ownership check in AddItemToCartHandler by injecting UserContextInterface and verifying the current user matches the cart owner before adding items.
Step 1. Patch the handler
Create new src/CommandHandler/Cart/AddItemToCartHandler.php:
<?php
declare(strict_types=1);
namespace App\CommandHandler\Cart;
use Sylius\Bundle\ApiBundle\Command\Cart\AddItemToCart;
use Sylius\Bundle\ApiBundle\Context\UserContextInterface;
use Sylius\Component\Core\Factory\CartItemFactoryInterface;
use Sylius\Component\Core\Model\OrderInterface;
use Sylius\Component\Core\Model\OrderItemInterface;
use Sylius\Component\Core\Model\ProductVariantInterface;
use Sylius\Component\Core\Model\ShopUserInterface;
use Sylius\Component\Core\Repository\OrderRepositoryInterface;
use Sylius\Component\Core\Repository\ProductVariantRepositoryInterface;
use Sylius\Component\Order\Modifier\OrderItemQuantityModifierInterface;
use Sylius\Component\Order\Modifier\OrderModifierInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
#[AsMessageHandler]
final readonly class AddItemToCartHandler
{
public function __construct(
private OrderRepositoryInterface $orderRepository,
private ProductVariantRepositoryInterface $productVariantRepository,
private OrderModifierInterface $orderModifier,
private CartItemFactoryInterface $cartItemFactory,
private OrderItemQuantityModifierInterface $orderItemQuantityModifier,
private UserContextInterface $userContext,
) {
}
public function __invoke(AddItemToCart $addItemToCart): OrderInterface
{
/** @var ProductVariantInterface|null $productVariant */
$productVariant = $this->productVariantRepository->findOneBy(['code' => $addItemToCart->productVariantCode]);
if ($productVariant === null) {
throw new \InvalidArgumentException('Product variant with given code has not been found.');
}
/** @var OrderInterface|null $cart */
$cart = $this->orderRepository->findCartByTokenValue($addItemToCart->orderTokenValue);
if ($cart === null) {
throw new \InvalidArgumentException('Cart with given token has not been found.');
}
$this->assertCartAccessible($cart);
/** @var OrderItemInterface $cartItem */
$cartItem = $this->cartItemFactory->createNew();
$cartItem->setVariant($productVariant);
$this->orderItemQuantityModifier->modify($cartItem, $addItemToCart->quantity);
$this->orderModifier->addToOrder($cart, $cartItem);
return $cart;
}
private function assertCartAccessible(OrderInterface $cart): void
{
if ($cart->isCreatedByGuest()) {
return;
}
$cartCustomer = $cart->getCustomer();
if (null === $cartCustomer || null === $cartCustomer->getUser()) {
return;
}
$currentUser = $this->userContext->getUser();
if (
$currentUser instanceof ShopUserInterface
&& $currentUser->getCustomer()?->getId() === $cartCustomer->getId()
) {
return;
}
throw new NotFoundHttpException('Cart not found.');
}
}
Step 2. Override the service
# config/services.yaml
services:
App\:
resource: '../src/*'
- exclude: '../src/{Entity,Kernel.php}'
+ exclude: '../src/{Entity,Kernel.php,CommandHandler}'
sylius_api.command_handler.cart.add_item_to_cart:
class: App\CommandHandler\Cart\AddItemToCartHandler
arguments:
$orderRepository: '@sylius.repository.order'
$productVariantRepository: '@sylius.repository.product_variant'
$orderModifier: '@sylius.modifier.order'
$cartItemFactory: '@sylius.factory.order_item'
$orderItemQuantityModifier: '@sylius.modifier.order_item_quantity'
$userContext: '@Sylius\Bundle\ApiBundle\Context\UserContextInterface'
tags:
- { name: messenger.message_handler, bus: sylius.command_bus }
Step 3. Clear cache
bin/console cache:clear
Reporters
We would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability: - @rokorolov
For more information
If you have any questions or comments about this advisory:
- Open an issue in Sylius issues
- Email us at security@sylius.com
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.15"
},
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.1.11"
},
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.2.2"
},
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31821"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-11T00:12:54Z",
"nvd_published_at": "2026-03-10T22:16:19Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe `POST /api/v2/shop/orders/{tokenValue}/items` endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers\u0027 carts by knowing the cart `tokenValue`.\n\n```\nPOST /api/v2/shop/orders/{tokenValue}/items\n```\n\nOther mutation endpoints (PUT, PATCH, DELETE) are **not affected**. API Platform loads the Order entity through the state provider for these operations, which triggers `VisitorBasedExtension` and returns 404 for unauthorized users.\n\nAn attacker who obtains a cart `tokenValue` can add arbitrary items to another customer\u0027s cart. The endpoint returns the full cart representation in the response (HTTP 201), potentially leaking:\n\n- Customer email address\n- Cart contents (products, quantities, prices)\n- Address data (billing and shipping if set)\n- Payment and shipment IDs\n- Order totals and tax breakdown\n- Checkout state\n\n### Patches\nThe issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3, and above.\n\n### Workarounds\nAdd an ownership check in `AddItemToCartHandler` by injecting `UserContextInterface` and verifying the current user matches the cart owner before adding items.\n\n#### Step 1. Patch the handler\n\nCreate new `src/CommandHandler/Cart/AddItemToCartHandler.php`:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\CommandHandler\\Cart;\n\nuse Sylius\\Bundle\\ApiBundle\\Command\\Cart\\AddItemToCart;\nuse Sylius\\Bundle\\ApiBundle\\Context\\UserContextInterface;\nuse Sylius\\Component\\Core\\Factory\\CartItemFactoryInterface;\nuse Sylius\\Component\\Core\\Model\\OrderInterface;\nuse Sylius\\Component\\Core\\Model\\OrderItemInterface;\nuse Sylius\\Component\\Core\\Model\\ProductVariantInterface;\nuse Sylius\\Component\\Core\\Model\\ShopUserInterface;\nuse Sylius\\Component\\Core\\Repository\\OrderRepositoryInterface;\nuse Sylius\\Component\\Core\\Repository\\ProductVariantRepositoryInterface;\nuse Sylius\\Component\\Order\\Modifier\\OrderItemQuantityModifierInterface;\nuse Sylius\\Component\\Order\\Modifier\\OrderModifierInterface;\nuse Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException;\nuse Symfony\\Component\\Messenger\\Attribute\\AsMessageHandler;\n\n#[AsMessageHandler]\nfinal readonly class AddItemToCartHandler\n{\n public function __construct(\n private OrderRepositoryInterface $orderRepository,\n private ProductVariantRepositoryInterface $productVariantRepository,\n private OrderModifierInterface $orderModifier,\n private CartItemFactoryInterface $cartItemFactory,\n private OrderItemQuantityModifierInterface $orderItemQuantityModifier,\n private UserContextInterface $userContext,\n ) {\n }\n\n public function __invoke(AddItemToCart $addItemToCart): OrderInterface\n {\n /** @var ProductVariantInterface|null $productVariant */\n $productVariant = $this-\u003eproductVariantRepository-\u003efindOneBy([\u0027code\u0027 =\u003e $addItemToCart-\u003eproductVariantCode]);\n\n if ($productVariant === null) {\n throw new \\InvalidArgumentException(\u0027Product variant with given code has not been found.\u0027);\n }\n\n /** @var OrderInterface|null $cart */\n $cart = $this-\u003eorderRepository-\u003efindCartByTokenValue($addItemToCart-\u003eorderTokenValue);\n\n if ($cart === null) {\n throw new \\InvalidArgumentException(\u0027Cart with given token has not been found.\u0027);\n }\n\n $this-\u003eassertCartAccessible($cart);\n\n /** @var OrderItemInterface $cartItem */\n $cartItem = $this-\u003ecartItemFactory-\u003ecreateNew();\n $cartItem-\u003esetVariant($productVariant);\n\n $this-\u003eorderItemQuantityModifier-\u003emodify($cartItem, $addItemToCart-\u003equantity);\n $this-\u003eorderModifier-\u003eaddToOrder($cart, $cartItem);\n\n return $cart;\n }\n\n private function assertCartAccessible(OrderInterface $cart): void\n {\n if ($cart-\u003eisCreatedByGuest()) {\n return;\n }\n\n $cartCustomer = $cart-\u003egetCustomer();\n\n if (null === $cartCustomer || null === $cartCustomer-\u003egetUser()) {\n return;\n }\n\n $currentUser = $this-\u003euserContext-\u003egetUser();\n\n if (\n $currentUser instanceof ShopUserInterface\n \u0026\u0026 $currentUser-\u003egetCustomer()?-\u003egetId() === $cartCustomer-\u003egetId()\n ) {\n return;\n }\n\n throw new NotFoundHttpException(\u0027Cart not found.\u0027);\n }\n}\n```\n\n#### Step 2. Override the service\n\n```diff\n# config/services.yaml\n\nservices:\n App\\:\n resource: \u0027../src/*\u0027\n- exclude: \u0027../src/{Entity,Kernel.php}\u0027 \n+ exclude: \u0027../src/{Entity,Kernel.php,CommandHandler}\u0027\n\n sylius_api.command_handler.cart.add_item_to_cart:\n class: App\\CommandHandler\\Cart\\AddItemToCartHandler\n arguments:\n $orderRepository: \u0027@sylius.repository.order\u0027\n $productVariantRepository: \u0027@sylius.repository.product_variant\u0027\n $orderModifier: \u0027@sylius.modifier.order\u0027\n $cartItemFactory: \u0027@sylius.factory.order_item\u0027\n $orderItemQuantityModifier: \u0027@sylius.modifier.order_item_quantity\u0027\n $userContext: \u0027@Sylius\\Bundle\\ApiBundle\\Context\\UserContextInterface\u0027\n tags:\n - { name: messenger.message_handler, bus: sylius.command_bus }\n```\n\n#### Step 3. Clear cache\n\n```bash\nbin/console cache:clear\n```\n\n### Reporters\n\nWe would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability:\n- @rokorolov\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen)\n- Email us at [security@sylius.com](mailto:security@sylius.com)",
"id": "GHSA-wjmg-4cq5-m8hg",
"modified": "2026-03-11T05:46:30Z",
"published": "2026-03-11T00:12:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-wjmg-4cq5-m8hg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31821"
},
{
"type": "PACKAGE",
"url": "https://github.com/Sylius/Sylius"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Sylius is Missing Authorization in API v2 Add Item Endpoint"
}
GHSA-WJMQ-RPQQ-W4H9
Vulnerability from github – Published: 2026-06-24 15:31 – Updated: 2026-06-24 18:32Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.
{
"affected": [],
"aliases": [
"CVE-2026-57291"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T14:17:35Z",
"severity": "MODERATE"
},
"details": "Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.",
"id": "GHSA-wjmq-rpqq-w4h9",
"modified": "2026-06-24T18:32:39Z",
"published": "2026-06-24T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57291"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(1)"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJMR-V62X-4F45
Vulnerability from github – Published: 2024-04-09 21:31 – Updated: 2024-04-09 21:31The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
{
"affected": [],
"aliases": [
"CVE-2024-1904"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T19:15:20Z",
"severity": "MODERATE"
},
"details": "The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.",
"id": "GHSA-wjmr-v62x-4f45",
"modified": "2024-04-09T21:31:59Z",
"published": "2024-04-09T21:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1904"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3050967/masterstudy-lms-learning-management-system"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJPQ-G983-5GX7
Vulnerability from github – Published: 2025-07-18 09:30 – Updated: 2025-07-18 09:30The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-7772"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-18T07:15:28Z",
"severity": "MODERATE"
},
"details": "The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",
"id": "GHSA-wjpq-g983-5gx7",
"modified": "2025-07-18T09:30:31Z",
"published": "2025-07-18T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7772"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3309451%40wp-malware-removal\u0026new=3309451%40wp-malware-removal\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJQ5-2FC7-77V9
Vulnerability from github – Published: 2026-07-02 12:31 – Updated: 2026-07-02 12:31Subscriber Broken Access Control in Booked <= 3.0.0 versions.
{
"affected": [],
"aliases": [
"CVE-2026-57746"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T12:17:40Z",
"severity": "HIGH"
},
"details": "Subscriber Broken Access Control in Booked \u003c= 3.0.0 versions.",
"id": "GHSA-wjq5-2fc7-77v9",
"modified": "2026-07-02T12:31:02Z",
"published": "2026-07-02T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57746"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/booked/vulnerability/wordpress-booked-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJW2-C8PQ-FW6M
Vulnerability from github – Published: 2025-08-01 06:31 – Updated: 2025-08-01 06:31A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8435"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-01T05:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-wjw2-c8pq-fw6m",
"modified": "2025-08-01T06:31:37Z",
"published": "2025-08-01T06:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8435"
},
{
"type": "WEB",
"url": "https://github.com/i-Corner/cve/issues/15"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.318463"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.318463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.