Export limit exceeded: 11397 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10609 | 1 Redhat | 2 Logging, Logging Subsystem For Red Hat Openshift | 2026-06-23 | 6.8 Medium |
| A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges. | ||||
| CVE-2026-45692 | 1 Caddyserver | 1 Caddy | 2026-06-23 | 5.4 Medium |
| Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3. | ||||
| CVE-2026-34023 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch. | ||||
| CVE-2026-34024 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches. | ||||
| CVE-2026-5230 | 1 Mia Technology | 1 Pizzy Library | 2026-06-23 | 7.1 High |
| Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. | ||||
| CVE-2025-68049 | 2 Bunny.net, Wordpress | 2 Bunny.net, Wordpress | 2026-06-23 | 6.3 Medium |
| Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. | ||||
| CVE-2025-69332 | 2 Mycred, Wordpress | 2 Bookify, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Bookify <= 1.1.1 versions. | ||||
| CVE-2026-25425 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | ||||
| CVE-2026-34898 | 2 Wordpress, Wp Swings | 2 Wordpress, Event Tickets Manager For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. | ||||
| CVE-2026-39525 | 2 Booking Activities Team, Wordpress | 2 Booking Activities, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions. | ||||
| CVE-2026-39594 | 2 Themefic, Wordpress | 2 Ultra Addons For Wpforms, Wordpress | 2026-06-23 | 6.4 Medium |
| Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | ||||
| CVE-2026-40741 | 2 Jose Conti, Wordpress | 2 Redsys For Woocommerce Light, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-40775 | 2 Royal Plugins, Wordpress | 2 Royal Mcp, Wordpress | 2026-06-23 | 7.3 High |
| Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||||
| CVE-2026-40776 | 2 Arraytics, Wordpress | 2 Wp Event Solution, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||||
| CVE-2026-40795 | 2 Tms, Wordpress | 2 Amelia, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||||
| CVE-2026-42664 | 2 Motive Commerce Search, Wordpress | 2 Ai Product Search For Woocommerce – Motive Commerce Search, Wordpress | 2026-06-23 | 8.2 High |
| Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | ||||
| CVE-2026-42666 | 2 Dimitri Grassi, Wordpress | 2 Salon Booking System, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-48835 | 2 Awesomemotive, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-48887 | 2 Ahmad, Wordpress | 2 Js Help Desk, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | ||||
| CVE-2026-49070 | 2 Knit Pay, Wordpress | 2 Knit Pay, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||||