CVEs from 2026
Total
13,904
critical
critical 1,207
high
high 4,524
medium
medium 4,354
low
low 480
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39506 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a th… | |||
| CVE-2026-39477 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2… | |||
| CVE-2026-39469 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from … | |||
| CVE-2026-5705 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such m… | |||
| CVE-2026-5671 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/delete_batch.… | |||
| CVE-2026-5630 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cr… | |||
| CVE-2026-5625 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interfa… | |||
| CVE-2026-5624 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack m… | |||
| CVE-2026-5615 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argume… | |||
| CVE-2026-5572 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can … | |||
| CVE-2026-5542 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o… | |||
| CVE-2026-5541 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu… | |||
| CVE-2026-5539 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs… | |||
| CVE-2026-5533 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han… | |||
| CVE-2026-5529 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipul… | |||
| CVE-2026-28736 | medium | 4.3 | 4.3 | 2mo ago | Focalboard doesn't validate file ownership when serving uploaded files | |||
| CVE-2026-5321 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-… | |||
| CVE-2026-5319 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads t… | |||
| CVE-2026-5318 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation … | |||
| CVE-2026-5313 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni… | |||
| CVE-2026-5240 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads … | |||
| CVE-2026-5157 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the ar… | |||
| CVE-2026-5031 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the a… | |||
| CVE-2026-5015 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename cause… | |||
| CVE-2026-4992 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulati… | |||
| CVE-2026-4971 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried… | |||
| CVE-2026-4968 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The… | |||
| CVE-2026-4898 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the ar… | |||
| CVE-2026-4877 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page result… | |||
| CVE-2026-4848 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cros… | |||
| CVE-2026-4847 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results i… | |||
| CVE-2026-4846 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keyw… | |||
| CVE-2026-4845 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. I… | |||
| CVE-2026-28861 | medium | 4.3 | 4.3 | 2mo ago | Safari 26.4 | |||
| CVE-2026-33326 | medium | 4.3 | 4.3 | 2mo ago | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix) | |||
| CVE-2026-4563 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detai… | |||
| CVE-2026-4557 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in c… | |||
| CVE-2026-4510 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipu… | |||
| CVE-2026-32736 | medium | 4.3 | 4.3 | 3mo ago | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes … | |||
| CVE-2026-4307 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path trav… | |||
| CVE-2026-4233 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation… | |||
| CVE-2026-32461 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simp… | |||
| CVE-2026-32408 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23. | |||
| CVE-2026-32394 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pu… | |||
| CVE-2026-32386 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.… | |||
| CVE-2026-3993 | medium | 4.3 | 4.3 | 3mo ago | A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the… | |||
| CVE-2026-3990 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argum… | |||
| CVE-2026-3982 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of t… | |||
| CVE-2026-3962 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-W… | |||
| CVE-2026-3951 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Resp… | |||
| CVE-2026-29773 | medium | 4.3 | 4.3 | 3mo ago | Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding in github.com/kubewarden/kubewarden-controller | |||
| CVE-2026-2919 | medium | 4.3 | 4.3 | 3mo ago | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the… | |||
| CVE-2026-28080 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through 3.0.9… | |||
| CVE-2026-3610 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL … | |||
| CVE-2026-3286 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/i… | |||
| CVE-2026-3268 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttribute… | |||
| CVE-2026-3188 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a m… | |||
| CVE-2026-3186 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the compo… | |||
| CVE-2026-2943 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of th… | |||
| CVE-2026-27056 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <=… | |||
| CVE-2026-25387 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optim… | |||
| CVE-2026-2704 | medium | 4.3 | 4.3 | 3mo ago | A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the compone… | |||
| CVE-2026-2683 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipul… | |||
| CVE-2026-2658 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation resu… | |||
| CVE-2026-2216 | medium | 4.3 | 4.3 | 4mo ago | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to p… | |||
| CVE-2026-2111 | medium | 4.3 | 4.3 | 4mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Mod… | |||
| CVE-2026-1835 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is poss… | |||
| CVE-2026-20704 | medium | 4.3 | 4.3 | 4mo ago | Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed. | |||
| CVE-2026-1745 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the a… | |||
| CVE-2026-1735 | medium | 4.3 | 4.3 | 4mo ago | A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is… | |||
| CVE-2026-1733 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id… | |||
| CVE-2026-1600 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-… | |||
| CVE-2026-1599 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Che… | |||
| CVE-2026-1549 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugi… | |||
| CVE-2026-24636 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar … | |||
| CVE-2026-24627 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a… | |||
| CVE-2026-24598 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage … | |||
| CVE-2026-24596 | medium | 4.3 | 4.3 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts … | |||
| CVE-2026-24588 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewe… | |||
| CVE-2026-24580 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2026-24579 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-24578 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login… | |||
| CVE-2026-24571 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a t… | |||
| CVE-2026-24569 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library F… | |||
| CVE-2026-24567 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Ord… | |||
| CVE-2026-24564 | medium | 4.3 | 4.3 | 4mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <… | |||
| CVE-2026-24563 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.2.1. | |||
| CVE-2026-24543 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Compa… | |||
| CVE-2026-24541 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Em… | |||
| CVE-2026-24535 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Level… | |||
| CVE-2026-24534 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <… | |||
| CVE-2026-24532 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This … | |||
| CVE-2026-24524 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8. | |||
| CVE-2026-24522 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through … | |||
| CVE-2026-24387 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Qu… | |||
| CVE-2026-24386 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | |||
| CVE-2026-24377 | medium | 4.3 | 4.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue … | |||
| CVE-2026-24371 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Every… | |||
| CVE-2026-24358 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And … | |||
| CVE-2026-24357 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a thro… |