Export limit exceeded: 342339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7288 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13921 | 2 Wedevs, Wordpress | 2 Wedocs, Wordpress | 2026-01-26 | 4.3 Medium |
| The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16. | ||||
| CVE-2026-0927 | 2 Iqonicdesign, Wordpress | 2 Kivicare – Clinic & Patient Management System (ehr), Wordpress | 2026-01-26 | 5.3 Medium |
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files. | ||||
| CVE-2025-14947 | 2 Plugins360, Wordpress | 2 All-in-one Video Gallery, Wordpress | 2026-01-26 | 6.5 Medium |
| The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. This makes it possible for unauthenticated attackers to create and delete videos on the Bunny Stream CDN associated with the victim's account, provided they can obtain a valid nonce which is exposed in public player templates. | ||||
| CVE-2023-47762 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterdocs | 2026-01-23 | 4.3 Medium |
| Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2. | ||||
| CVE-2022-46838 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 9.1 Critical |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
| CVE-2022-46840 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 5.4 Medium |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
| CVE-2022-47176 | 1 Averta | 1 Depicter Slider | 2026-01-23 | 4.3 Medium |
| Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0. | ||||
| CVE-2023-44258 | 1 Schemaapp | 1 Schema App Structured Data | 2026-01-23 | 5.3 Medium |
| Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1. | ||||
| CVE-2023-45104 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterlinks | 2026-01-23 | 7.3 High |
| Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. | ||||
| CVE-2023-47179 | 2 Byconsole, Wordpress | 2 Wooodt Lite, Wordpress | 2026-01-23 | 8.8 High |
| Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6. | ||||
| CVE-2023-39994 | 1 Reputeinfosystems | 1 Armember | 2026-01-23 | 4.3 Medium |
| Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. | ||||
| CVE-2025-59968 | 1 Juniper | 21 Junos, Junos Space, Space Security Director and 18 more | 2026-01-23 | 8.6 High |
| A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices. | ||||
| CVE-2024-31270 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | 7.6 High |
| Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | ||||
| CVE-2023-47788 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2026-01-23 | 4.3 Medium |
| Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7. | ||||
| CVE-2025-14757 | 2 Stylemixthemes, Wordpress | 2 Cost Calculator Builder, Wordpress | 2026-01-23 | 5.3 Medium |
| The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv, making it accessible to unauthenticated users, and the complete() function only verifying a nonce without checking user capabilities or order ownership. Since nonces are exposed to all visitors via window.ccb_nonces in the page source, any unauthenticated attacker can mark any order's payment status as "completed" without actual payment. | ||||
| CVE-2025-14457 | 2 Codedropz, Wordpress | 3 Contact Form 7, Drag And Drop Multiple File Upload - Contact Form 7, Wordpress | 2026-01-23 | 3.7 Low |
| The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled. | ||||
| CVE-2025-13781 | 1 Gitlab | 1 Gitlab | 2026-01-22 | 6.5 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. | ||||
| CVE-2023-47180 | 1 Xlplugins | 1 Finale | 2026-01-22 | 6.5 Medium |
| Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0. | ||||
| CVE-2026-0506 | 1 Sap | 6 Abap Platform, Application Server, Netweaver and 3 more | 2026-01-22 | 8.1 High |
| Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected. | ||||
| CVE-2025-13772 | 1 Gitlab | 1 Gitlab | 2026-01-22 | 7.1 High |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. | ||||