CVEs from 2026
Total
13,570
critical
critical 1,185
high
high 4,339
medium
medium 4,230
low
low 458
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 434
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6860 | medium | 5.3 | 5.3 | 26d ago | Vert.x has a DoS via unbounded server-side SNI SslContext cache growth | |||
| CVE-2026-3208 | medium | 5.3 | 5.3 | 27d ago | The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all ver… | |||
| CVE-2026-43881 | medium | 5.3 | 5.3 | 27d ago | AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction | |||
| CVE-2026-43880 | medium | 5.3 | 5.3 | 27d ago | AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the Site’s Legitimate From Address | |||
| CVE-2026-34527 | medium | 5.3 | 5.3 | 27d ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high… | |||
| CVE-2026-33420 | medium | 5.3 | 5.3 | 27d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … | |||
| CVE-2026-6907 | medium | 5.3 | 5.3 | 27d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T… | |||
| CVE-2026-43002 | medium | 5.3 | 5.3 | 27d ago | OpenStack Horizon has Incorrect Behavior Order | |||
| CVE-2026-5766 | medium | 5.3 | 5.3 | 27d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially … | |||
| CVE-2026-43572 | medium | 5.3 | 5.3 | 27d ago | OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks | |||
| CVE-2026-43868 | medium | 5.3 | 5.3 | 27d ago | Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability | |||
| CVE-2026-2729 | medium | 5.3 | 5.3 | 27d ago | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to p… | |||
| CVE-2026-44029 | medium | 5.3 | 5.3 | 28d ago | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.… | |||
| CVE-2026-41572 | medium | 5.3 | 5.3 | 28d ago | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books | |||
| CVE-2026-33007 | medium | 5.3 | 5.3 | 28d ago | Important: httpd security update | |||
| CVE-2026-34032 | medium | 5.3 | 5.3 | 28d ago | Important: httpd security update | |||
| CVE-2026-33857 | medium | 5.3 | 5.3 | 28d ago | Important: httpd security update | |||
| CVE-2026-5335 | medium | 5.3 | 5.3 | 28d ago | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information. | |||
| CVE-2026-7722 | medium | 5.3 | 5.3 | 29d ago | Prefect Auth Bypass via endswith() Health Check Exemption | |||
| CVE-2026-7702 | medium | 5.3 | 5.3 | 29d ago | A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview E… | |||
| CVE-2026-7686 | medium | 5.3 | 5.3 | 29d ago | A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa… | |||
| CVE-2026-40561 | medium | 5.3 | 5.3 | 1mo ago | Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head… | |||
| CVE-2026-3504 | medium | 5.3 | 5.3 | 1mo ago | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/… | |||
| CVE-2026-4024 | medium | 5.3 | 5.3 | 1mo ago | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio… | |||
| CVE-2026-6449 | medium | 5.3 | 5.3 | 1mo ago | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circ… | |||
| CVE-2026-4650 | medium | 5.3 | 5.3 | 1mo ago | The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the… | |||
| CVE-2026-7638 | medium | 5.3 | 5.3 | 1mo ago | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to miss… | |||
| CVE-2026-7589 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service… | |||
| CVE-2026-7588 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results i… | |||
| CVE-2026-7582 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Ha… | |||
| CVE-2026-3143 | medium | 5.3 | 5.3 | 1mo ago | The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax… | |||
| CVE-2026-7580 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argum… | |||
| CVE-2026-7536 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a… | |||
| CVE-2026-40686 | medium | 5.3 | 5.3 | 1mo ago | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged with… | |||
| CVE-2026-6498 | medium | 5.3 | 5.3 | 1mo ago | The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function… | |||
| CVE-2026-42800 | medium | 5.3 | 5.3 | 1mo ago | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/s… | |||
| CVE-2026-7403 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in … | |||
| CVE-2026-7396 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Ad… | |||
| CVE-2026-42644 | medium | 5.3 | 5.3 | 1mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr… | |||
| CVE-2026-42642 | medium | 5.3 | 5.3 | 1mo ago | Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5. | |||
| CVE-2026-22745 | medium | 5.3 | 5.3 | 1mo ago | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources | |||
| CVE-2026-4019 | medium | 5.3 | 5.3 | 1mo ago | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co… | |||
| CVE-2026-42427 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class) | |||
| CVE-2026-41407 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Shared-secret comparison call sites leaked length information through timing | |||
| CVE-2026-41374 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw runs Discord audio preflight transcription before member authorization | |||
| CVE-2026-40969 | medium | 5.3 | 5.3 | 1mo ago | Spring gRPC AuthenticationException messages are reflected to remote client | |||
| CVE-2026-7271 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-ag… | |||
| CVE-2026-41606 | medium | 5.3 | 5.3 | 1mo ago | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-7235 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file … | |||
| CVE-2026-4911 | medium | 5.3 | 5.3 | 1mo ago | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo… | |||
| CVE-2026-7217 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-of… | |||
| CVE-2026-7183 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulati… | |||
| CVE-2026-7179 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the comp… | |||
| CVE-2026-7135 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the comp… | |||
| CVE-2026-42037 | medium | 5.3 | 5.3 | 1mo ago | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | |||
| CVE-2026-42036 | medium | 5.3 | 5.3 | 1mo ago | Axios: HTTP adapter streamed responses bypass maxContentLength | |||
| CVE-2026-42034 | medium | 5.3 | 5.3 | 1mo ago | Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 | |||
| CVE-2026-40431 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication… | |||
| CVE-2026-23865 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:9689: java-21-openjdk security update (Important) | |||
| CVE-2026-41354 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders | |||
| CVE-2026-41351 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding | |||
| CVE-2026-41345 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by… | |||
| CVE-2026-41343 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification | |||
| CVE-2026-41337 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection | |||
| CVE-2026-41335 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability | |||
| CVE-2026-41332 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override | |||
| CVE-2026-2708 | medium | 5.3 | 5.3 | 1mo ago | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each hea… | |||
| CVE-2026-40894 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | |||
| CVE-2026-40891 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | |||
| CVE-2026-41182 | medium | 5.3 | 5.3 | 1mo ago | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redacti… | |||
| CVE-2026-35345 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continue… | |||
| CVE-2026-35061 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||
| CVE-2026-33093 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||
| CVE-2026-32648 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||
| CVE-2026-6491 | medium | 5.3 | 5.3 | 2mo ago | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | |||
| CVE-2026-24749 | medium | 5.3 | 5.3 | 2mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2026-40778 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: … | |||
| CVE-2026-40742 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fr… | |||
| CVE-2026-28421 | medium | 5.3 | 5.3 | 2mo ago | RHSA-2026:6915: vim security update (Important) | |||
| CVE-2026-6219 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati… | |||
| CVE-2026-5504 | medium | 5.3 | 5.3 | 2mo ago | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS… | |||
| CVE-2026-5772 | medium | 5.3 | 5.3 | 2mo ago | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e… | |||
| CVE-2026-5833 | medium | 5.3 | 5.3 | 2mo ago | awwaiid mcp-server-taskwarrior vulnerable to command injection | |||
| CVE-2026-39716 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | |||
| CVE-2026-39713 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly … | |||
| CVE-2026-39712 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a th… | |||
| CVE-2026-39706 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a throug… | |||
| CVE-2026-39704 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2026-39701 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | |||
| CVE-2026-39700 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | |||
| CVE-2026-39698 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects T… | |||
| CVE-2026-39697 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-39694 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si… | |||
| CVE-2026-39689 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from … | |||
| CVE-2026-39688 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profil… | |||
| CVE-2026-39687 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rap… | |||
| CVE-2026-39686 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PD… | |||
| CVE-2026-39682 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fr… | |||
| CVE-2026-39680 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet … | |||
| CVE-2026-39678 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy… |