Export limit exceeded: 11952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57774 | 2 Vowelweb, Wordpress | 2 Vw Food Corner, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0. | ||||
| CVE-2026-57776 | 2 Vowelweb, Wordpress | 2 Vw Wedding, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7. | ||||
| CVE-2026-57779 | 2 Themebeez, Wordpress | 2 Fascinate, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5. | ||||
| CVE-2026-57781 | 2 Sovlix, Wordpress | 2 Meetinghub, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10. | ||||
| CVE-2026-57782 | 2 Presstigers, Wordpress | 2 Universal Clocks, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through <= 1.2.0. | ||||
| CVE-2026-61952 | 2 Jose Vega, Wordpress | 2 Woocommerce Bulk Edit Products – Wp Sheet Editor, Wordpress | 2026-07-13 | 4.9 Medium |
| Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21. | ||||
| CVE-2026-61985 | 2 Magepeopleteam, Wordpress | 2 Car Rental Manager, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.3.7. | ||||
| CVE-2026-14934 | 2 Google, Google Cloud | 3 Cloud Platform, Bigquery, Colab Enterprise | 2026-07-13 | N/A |
| A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. This vulnerability was patched on 10 May 2026, and no customer action is needed. | ||||
| CVE-2026-9824 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 4.3 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676 | ||||
| CVE-2026-12103 | 2 Subratamal, Wordpress | 2 Wallet For Woocommerce, Wordpress | 2026-07-13 | 4.3 Medium |
| The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate the login name, email address, and user ID of all WordPress accounts — including administrators — by submitting arbitrary search terms to the AJAX handler. The required 'search-user' nonce is localized into the wallet_param object on the standard WooCommerce My Account page, which is accessible to any authenticated user, making it trivially obtainable by a Subscriber. | ||||
| CVE-2026-61968 | 2026-07-13 | 5.4 Medium | ||
| Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2. | ||||
| CVE-2026-61983 | 2 Andymoyle, Wordpress | 2 Church Admin, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.30. | ||||
| CVE-2026-62147 | 1 Redhat | 1 Openshift Distributed Tracing | 2026-07-13 | 6.5 Medium |
| The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. | ||||
| CVE-2026-61958 | 2026-07-13 | 5.4 Medium | ||
| Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.17. | ||||
| CVE-2026-57797 | 2 Thememove, Wordpress | 2 Edumall, Wordpress | 2026-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1. | ||||
| CVE-2026-9820 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 3.8 Low |
| Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671 | ||||
| CVE-2026-57812 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.12.4. | ||||
| CVE-2026-10085 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 5.4 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688 | ||||
| CVE-2026-10106 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 6.5 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690 | ||||
| CVE-2026-57727 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 7.5 High |
| Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13. | ||||