CVEs from 2026
Total
13,530
critical
critical 1,179
high
high 4,313
medium
medium 4,201
low
low 456
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | |||
| CVE-2026-5236 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t… | |||
| CVE-2026-5235 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation … | |||
| CVE-2026-5215 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-5186 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation cause… | |||
| CVE-2026-5185 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipula… | |||
| CVE-2026-5125 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi… | |||
| CVE-2026-5023 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the … | |||
| CVE-2026-5007 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio… | |||
| CVE-2026-27860 | medium | 5.3 | 5.3 | 2mo ago | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure… | |||
| CVE-2026-27859 | medium | 5.3 | 5.3 | 2mo ago | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU … | |||
| CVE-2026-0394 | medium | 5.3 | 5.3 | 2mo ago | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the dom… | |||
| CVE-2026-32497 | medium | 5.3 | 5.3 | 2mo ago | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||
| CVE-2026-32492 | medium | 5.3 | 5.3 | 2mo ago | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||
| CVE-2026-28838 | medium | 5.3 | 5.3 | 2mo ago | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sand… | |||
| CVE-2026-4733 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||
| CVE-2026-28809 | medium | 5.3 | 5.3 | 2mo ago | esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 2mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations | |||
| CVE-2026-4530 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D… | |||
| CVE-2026-4496 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of th… | |||
| CVE-2026-1005 | medium | 5.3 | 5.3 | 2mo ago | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticati… | |||
| CVE-2026-28070 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2. | |||
| CVE-2026-32565 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Rel… | |||
| CVE-2026-32586 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC… | |||
| CVE-2026-4216 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. … | |||
| CVE-2026-4199 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj… | |||
| CVE-2026-4198 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj… | |||
| CVE-2026-32438 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:… | |||
| CVE-2026-32437 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= … | |||
| CVE-2026-32436 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu… | |||
| CVE-2026-32435 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4… | |||
| CVE-2026-32434 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | |||
| CVE-2026-32427 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from … | |||
| CVE-2026-32421 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throu… | |||
| CVE-2026-32413 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager… | |||
| CVE-2026-32410 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Cu… | |||
| CVE-2026-32409 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F… | |||
| CVE-2026-32404 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor:… | |||
| CVE-2026-32397 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through … | |||
| CVE-2026-32396 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | |||
| CVE-2026-32395 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-32383 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | |||
| CVE-2026-32347 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe… | |||
| CVE-2026-32346 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through… | |||
| CVE-2026-32345 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from… | |||
| CVE-2026-32332 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9. | |||
| CVE-2026-31916 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post S… | |||
| CVE-2026-31915 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6. | |||
| CVE-2026-23943 | medium | 5.3 | 5.3 | 3mo ago | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advert… | |||
| CVE-2026-4016 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipula… | |||
| CVE-2026-4015 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lea… | |||
| CVE-2026-3994 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File… | |||
| CVE-2026-3979 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local… | |||
| CVE-2026-3964 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the ar… | |||
| CVE-2026-3959 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The … | |||
| CVE-2026-2742 | medium | 5.3 | 5.3 | 3mo ago | Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash | |||
| CVE-2026-3713 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of … | |||
| CVE-2026-3707 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_h… | |||
| CVE-2026-3675 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation… | |||
| CVE-2026-3674 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipula… | |||
| CVE-2026-3670 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The… | |||
| CVE-2026-3669 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authori… | |||
| CVE-2026-3667 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation resul… | |||
| CVE-2026-28132 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects … | |||
| CVE-2026-2896 | medium | 5.3 | 5.3 | 3mo ago | funadmin has Incorrect Privilege Assignment in its Configuration Handler | |||
| CVE-2026-2851 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repo… | |||
| CVE-2026-27066 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securit… | |||
| CVE-2026-25370 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a … | |||
| CVE-2026-25006 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4. | |||
| CVE-2026-23548 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a … | |||
| CVE-2026-23543 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issu… | |||
| CVE-2026-2672 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Pe… | |||
| CVE-2026-22796 | medium | 5.3 | 5.3 | 4mo ago | Important: openssl security update | |||
| CVE-2026-24633 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | |||
| CVE-2026-24619 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2026-24615 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a thro… | |||
| CVE-2026-24613 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2026-24612 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <=… | |||
| CVE-2026-24607 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a… | |||
| CVE-2026-24606 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: … | |||
| CVE-2026-24604 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… | |||
| CVE-2026-24603 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Lev… | |||
| CVE-2026-24583 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This i… | |||
| CVE-2026-24577 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a th… | |||
| CVE-2026-24568 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0. | |||
| CVE-2026-24562 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product R… | |||
| CVE-2026-24559 | medium | 5.3 | 5.3 | 4mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration … | |||
| CVE-2026-24556 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.… | |||
| CVE-2026-24539 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección … | |||
| CVE-2026-24536 | medium | 5.3 | 5.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affect… | |||
| CVE-2026-24530 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a t… | |||
| CVE-2026-24525 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: fro… | |||
| CVE-2026-24523 | medium | 5.3 | 5.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue aff… |