Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (8456 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-48881 2 Themetechmount, Wordpress 2 Truebooker, Wordpress 2026-06-16 9.1 Critical
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
CVE-2026-25440 2 Wordpress, Wpdeveloper 2 Wordpress, Essential Addons For Elementor 2026-06-16 5.3 Medium
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
CVE-2026-39503 2 Awesomemotive, Wordpress 2 Easy Digital Downloads, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
CVE-2026-48873 2 Montonio, Wordpress 2 Montonio For Woocommerce, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
CVE-2026-40743 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
CVE-2026-39490 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-42651 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.3 Medium
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVE-2026-40793 2 Groundhogg, Wordpress 2 Groundhogg, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
CVE-2026-42640 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
CVE-2026-42659 2 Nasirahmed, Wordpress 2 Advanced Form Integration, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-34886 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVE-2026-40782 2 Greg Winiarski, Wordpress 2 Wpadverts, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
CVE-2026-40788 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-06-16 7.1 High
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40794 2 Mycred, Wordpress 2 Mycred, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-40774 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVE-2026-48883 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
CVE-2026-53821 1 Openclaw 1 Openclaw 2026-06-15 8.8 High
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.
CVE-2026-46716 1 Nezhahq 1 Nezha 2026-06-15 9.9 Critical
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the scheduler, the dashboard pushes that command to every server in the global ServerShared map — including servers that belong to other tenants (admin's servers, other members' servers). Each agent runs the command and returns the output, which is then sent to the attacker's own NotificationGroup → attacker-controlled webhook. This issue has been patched in version 2.0.8.
CVE-2026-48119 1 Nezhahq 1 Nezha 2026-06-15 7.1 High
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12.