CVEs from 2026
- Total: 14,726
- Critical: 1,327
- High: 4,986
- Medium: 4,775
- Low: 502
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44212 | critical | 9.3 | 9.3 | 28d ago | PrestaShop has a stored XSS executable in customer service view | |||
| CVE-2026-43526 | critical | 9.3 | 9.3 | 1mo ago | OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes | |||
| CVE-2026-40797 | critical | 9.3 | 9.3 | 1mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: … | |||
| CVE-2026-7161 | critical | 9.3 | 9.3 | 1mo ago | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att… | |||
| CVE-2026-42363 | critical | 9.3 | 9.3 | 1mo ago | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att… | |||
| CVE-2026-33102 | critical | 9.3 | 9.3 | 1mo ago | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-32210 | critical | 9.3 | 9.3 | 1mo ago | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-40959 | critical | 9.3 | 9.3 | 2mo ago | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | |||
| CVE-2026-34615 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An… | |||
| CVE-2026-27246 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-27245 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-27243 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-31845 | critical | 9.3 | 9.3 | 2mo ago | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflect… | |||
| CVE-2026-27413 | critical | 9.3 | 9.3 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro:… | |||
| CVE-2026-6209 | critical | 9.1 | 9.1 | 13h ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-6208 | critical | 9.1 | 9.1 | 13h ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-6207 | critical | 9.1 | 9.1 | 13h ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-48579 | critical | 9.1 | 9.1 | 1d ago | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-11153 | critical | 9.1 | 9.1 | 1d ago | Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-48040 | critical | 9.1 | 9.1 | 1d ago | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses… | |||
| CVE-2026-50076 | critical | 9.1 | 9.1 | 1d ago | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec… | |||
| CVE-2026-46266 | critical | 9.1 | 9.1 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IP… | |||
| CVE-2026-46244 | critical | 9.1 | 9.1 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() … | |||
| CVE-2026-8644 | critical | 9.1 | 9.1 | 4d ago | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | |||
| CVE-2026-42682 | critical | 9.1 | 9.1 | 5d ago | Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6. | |||
| CVE-2026-42252 | critical | 9.1 | 9.1 | 5d ago | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] … | |||
| CVE-2026-48188 | critical | 9.1 | 9.1 | 5d ago | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue o… | |||
| CVE-2026-9051 | critical | 9.1 | 9.1 | 7d ago | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pr… | |||
| CVE-2026-5386 | critical | 9.1 | 9.1 | 7d ago | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without … | |||
| CVE-2026-48501 | critical | 9.1 | 9.1 | 8d ago | GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release … | |||
| CVE-2026-4290 | critical | 9.1 | 9.1 | 8d ago | The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. Th… | |||
| CVE-2026-46819 | critical | 9.1 | 9.1 | 8d ago | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploi… | |||
| CVE-2026-9098 | critical | 9.1 | 9.1 | 8d ago | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques… | |||
| CVE-2026-9092 | critical | 9.1 | 9.1 | 8d ago | Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without… | |||
| CVE-2026-9090 | critical | 9.1 | 9.1 | 8d ago | Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extra… | |||
| CVE-2026-22872 | critical | 9.1 | 9.1 | 8d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th… | |||
| CVE-2026-46185 | critical | 9.1 | 9.1 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the… | |||
| CVE-2026-46155 | critical | 9.1 | 9.1 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, a… | |||
| CVE-2026-46119 | critical | 9.1 | 9.1 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message of type CEPH_MSG_AUTH_REPL… | |||
| CVE-2026-7876 | critical | 9.1 | 9.1 | 10d ago | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 | |||
| CVE-2026-46043 | critical | 9.1 | 9.1 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at l… | |||
| CVE-2026-49002 | critical | 9.1 | 9.1 | 10d ago | Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and mo… | |||
| CVE-2026-8450 | critical | 9.1 | 9.1 | 10d ago | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm… | |||
| CVE-2026-44444 | critical | 9.1 | 9.1 | 10d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety sca… | |||
| CVE-2026-44449 | critical | 9.1 | 9.1 | 10d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory … | |||
| CVE-2026-8856 | critical | 9.1 | 9.1 | 10d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. | |||
| CVE-2026-42496 | critical | 9.1 | 9.1 | 11d ago | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with… | |||
| CVE-2026-2332 | critical | 9.1 | 9.1 | 11d ago | Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing | |||
| CVE-2026-33843 | critical | 9.1 | 9.1 | 14d ago | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-8673 | critical | 9.1 | 9.1 | 15d ago | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-42508 | critical | 9.1 | 9.1 | 15d ago | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. | |||
| CVE-2026-39834 | critical | 9.1 | 9.1 | 15d ago | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack… | |||
| CVE-2026-39833 | critical | 9.1 | 9.1 | 15d ago | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio… | |||
| CVE-2026-39832 | critical | 9.1 | 9.1 | 15d ago | When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward… | |||
| CVE-2026-39831 | critical | 9.1 | 9.1 | 15d ago | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch … | |||
| CVE-2026-39830 | critical | 9.1 | 9.1 | 15d ago | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), r… | |||
| CVE-2026-33000 | critical | 9.1 | 9.1 | 15d ago | A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |||
| CVE-2026-5433 | critical | 9.1 | 9.1 | 16d ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-47372 | critical | 9.1 | 9.1 | 16d ago | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography. | |||
| CVE-2026-8598 | critical | 9.1 | 9.1 | 17d ago | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as op… | |||
| CVE-2026-8602 | critical | 9.1 | 9.1 | 17d ago | In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sen… | |||
| CVE-2026-31071 | critical | 9.1 | 9.1 | 18d ago | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt p… | |||
| CVE-2026-2586 | critical | 9.1 | 9.1 | 18d ago | GlassFish's Administration Console is Vulnerable to RCE | |||
| CVE-2026-8948 | critical | 9.1 | 9.1 | 18d ago | Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-41919 | critical | 9.1 | 9.1 | 18d ago | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad… | |||
| CVE-2026-31986 | critical | 9.1 | 9.1 | 18d ago | Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-45230 | critical | 9.1 | 9.1 | 18d ago | DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi… | |||
| CVE-2026-41947 | critical | 9.1 | 9.1 | 19d ago | Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant owners… | |||
| CVE-2026-7302 | critical | 9.1 | 9.1 | 19d ago | SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability | |||
| CVE-2026-8757 | critical | 9.1 | 9.1 | 20d ago | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor… | |||
| CVE-2026-8686 | critical | 9.1 | 9.1 | 21d ago | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users s… | |||
| CVE-2026-45010 | critical | 9.1 | 9.1 | 21d ago | phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session bind… | |||
| CVE-2026-41258 | critical | 9.1 | 9.1 | 21d ago | OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange | |||
| CVE-2026-45787 | critical | 9.1 | 9.1 | 22d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |||
| CVE-2026-8634 | critical | 9.1 | 9.1 | 22d ago | Crabbox: environment variable exposure vulnerability | |||
| CVE-2026-46470 | critical | 9.1 | 9.1 | 22d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before per… | |||
| CVE-2026-44542 | critical | 9.1 | 9.1 | 22d ago | FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion | |||
| CVE-2026-42555 | critical | 9.1 | 9.1 | 22d ago | Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users | |||
| CVE-2026-6512 | critical | 9.1 | 9.1 | 23d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized t… | |||
| CVE-2026-45158 | critical | 9.1 | 9.1 | 23d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell scrip… | |||
| CVE-2026-44194 | critical | 9.1 | 9.1 | 23d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileg… | |||
| CVE-2026-44193 | critical | 9.1 | 9.1 | 23d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. T… | |||
| CVE-2026-45714 | critical | 9.1 | 9.1 | 23d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Inv… | |||
| CVE-2026-45053 | critical | 9.1 | 9.1 | 23d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The end… | |||
| CVE-2026-44377 | critical | 9.1 | 9.1 | 23d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and … | |||
| CVE-2026-44351 | critical | 9.1 | 9.1 | 23d ago | fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver | |||
| CVE-2026-42584 | critical | 9.1 | 9.1 | 23d ago | Netty has HttpClientCodec response desynchronization | |||
| CVE-2026-42579 | critical | 9.1 | 9.1 | 23d ago | Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder) | |||
| CVE-2026-42032 | critical | 9.1 | 9.1 | 23d ago | CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql` | |||
| CVE-2026-44007 | critical | 9.1 | 9.1 | 23d ago | vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution | |||
| CVE-2026-41225 | critical | 9.1 | 9.1 | 24d ago | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note… | |||
| CVE-2026-44650 | critical | 9.1 | 9.1 | 24d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-42889 | critical | 9.1 | 9.1 | 24d ago | Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured… | |||
| CVE-2026-44277 | critical | 9.1 | 9.1 | 24d ago | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attack… | |||
| CVE-2026-44196 | critical | 9.1 | 9.1 | 24d ago | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and … | |||
| CVE-2026-42833 | critical | 9.1 | 9.1 | 24d ago | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | |||
| CVE-2026-41103 | critical | 9.1 | 9.1 | 24d ago | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-33117 | critical | 9.1 | 9.1 | 24d ago | The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected a… | |||
| CVE-2026-31242 | critical | 9.1 | 9.1 | 24d ago | The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE r… | |||
| CVE-2026-29204 | critical | 9.1 | 9.1 | 24d ago | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized ac… |