Search Results (8693 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-44734 1 Opf 1 Openproject 2026-06-27 6.5 Medium
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public cost report in the system without verifying ownership or permission level. An attacker who discovers or guesses a public report's numeric ID can rename or overwrite its filter configuration without any warning to the report's owner. This vulnerability is fixed in 17.3.2 and 17.4.0.
CVE-2026-56773 1 Teableio 1 Teable 2026-06-27 8.8 High
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.
CVE-2026-12411 1 Canonical 1 Lxd 2026-06-27 8.4 High
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
CVE-2026-47193 1 Opf 1 Openproject 2026-06-26 7.5 High
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVE-2026-57661 2 Nexcess, Wordpress 2 Wpcomplete, Wordpress 2026-06-26 5.4 Medium
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-52701 2 Themegrill, Wordpress 2 User Registration, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
CVE-2026-57324 2 Villatheme, Wordpress 2 Gift4u, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
CVE-2026-57622 2 Arraytics, Wordpress 2 Wpcafe, Wordpress 2026-06-26 4.3 Medium
Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.
CVE-2026-54847 2 Design, Wordpress 2 Stylish Cost Calculator, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
CVE-2026-54029 1 Danny-avila 1 Libre Chat 2026-06-26 5.3 Medium
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
CVE-2026-57923 1 Jetbrains 1 Youtrack 2026-06-26 5.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
CVE-2026-57925 1 Jetbrains 1 Youtrack 2026-06-26 4.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57921 1 Jetbrains 1 Youtrack 2026-06-26 4.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
CVE-2026-57922 1 Jetbrains 1 Youtrack 2026-06-26 3.1 Low
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-54027 1 Danny-avila 1 Libre Chat 2026-06-26 6.5 Medium
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.
CVE-2026-2299 1 Mattermost 1 Mattermost Google Drive Plugin 2026-06-26 4.2 Medium
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
CVE-2026-1869 2 Wordpress, Wpeverest 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 2026-06-26 6.5 Medium
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships.
CVE-2026-38329 1 Bludit 1 Bludit Cms 2026-06-26 9.8 Critical
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server.
CVE-2026-39533 2 Wordpress, Wptasty 2 Wordpress, Awp Classifieds 2026-06-26 7.5 High
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
CVE-2026-6964 2 J 3rk, Wordpress 2 Video Conferencing With Zoom, Wordpress 2026-06-26 5.3 Medium
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain the site's Zoom SDK API key and a freshly-signed JWT that can be used with the Zoom Web SDK to join any Zoom meeting associated with those credentials without a legitimate invitation.