b4r
blog cve me tags achievements
  1. Tags
  2. authorization
  • breaking shopper checkout from settings

    cve-2026-56826 let low-privileged shopper users with settings access delete tax, zone, shipping, and carrier configuration through missing authorization on Livewire actions

    b b4r
    July 2, 2026
    5 min read
    vulnerability cve web exploitation authorization
  • a delete bypass in misp through crudcomponent

    cve-2026-10860 let a low-privileged galaxy editor delete another organisation galaxy in misp through a delete-path validation bypass

    b b4r
    June 21, 2026
    3 min read
    vulnerability cve web exploitation authorization
  • an event media authz bug in zoneminder

    cve-2026-54258 let low-privileged zoneminder users fetch private event media from monitors they were not allowed to access

    b b4r
    June 13, 2026
    3 min read
    vulnerability cve web exploitation authorization
  • a second-order ddns authz bug in nezha

    cve-2026-53521 let a stored future ddns profile id turn into another user ddns profile context later in nezha

    b b4r
    June 10, 2026
    3 min read
    vulnerability cve web exploitation authorization
© 2026 All rights reserved.