Search Results (8433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-56773 | 1 Teableio | 1 Teable | 2026-06-27 | 8.8 High | Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords. |
| CVE-2026-12411 | 1 Canonical | 1 Lxd | 2026-06-27 | 8.4 High | Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled. |
| CVE-2026-47193 | 1 Opf | 1 Openproject | 2026-06-26 | 7.5 High | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1. |
| CVE-2026-57518 | 1 Pagekit | 1 Pagekit | 2026-06-26 | 8.8 High | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution. |
| CVE-2026-57661 | 2 Nexcess, Wordpress | 2 Wpcomplete, Wordpress | 2026-06-26 | 5.4 Medium | Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. |
| CVE-2026-52701 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-26 | 6.5 Medium | Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. |
| CVE-2026-57324 | 2 Villatheme, Wordpress | 2 Gift4u, Wordpress | 2026-06-26 | 6.5 Medium | Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions. |
| CVE-2026-57622 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-06-26 | 4.3 Medium | Subscriber Broken Access Control in WPCafe <= 3.0.14 versions. |
| CVE-2026-54847 | 2 Design, Wordpress | 2 Stylish Cost Calculator, Wordpress | 2026-06-26 | 7.5 High | Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions. |
| CVE-2026-54029 | 1 Danny-avila | 1 Libre Chat | 2026-06-26 | 5.3 Medium | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter, without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1. |
| CVE-2026-57923 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 5.3 Medium | In JetBrains YouTrack before 2026.2.16593, improper authorisation in the app configurations endpoint allowed modifying project settings. |
| CVE-2026-57925 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium | In JetBrains YouTrack before 2026.2.16593, improper access control allowed reading saved queries and tags. |
| CVE-2026-57921 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium | In JetBrains YouTrack before 2026.2.16593, improper access control allowed reading users' private data via the comment templates endpoint. |
| CVE-2026-57922 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 3.1 Low | In JetBrains YouTrack before 2026.2.16593, project settings disclosure via the MCP was possible. |
| CVE-2026-54027 | 1 Danny-avila | 1 Libre Chat | 2026-06-26 | 6.5 Medium | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1. |
| CVE-2026-2299 | 1 Mattermost | 1 Mattermost Google Drive Plugin | 2026-06-26 | 4.2 Medium | The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership. |
| CVE-2026-57521 | 1 Bitwarden | 1 Server | 2026-06-26 | 4.3 Medium | Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers can exploit the missing ManageOrganizationBillingRequirement on the preview invoice endpoints to retrieve Stripe-computed tax totals, subscription status, and billing details derived from any target organization's real customer and subscription data. |
| CVE-2026-1869 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 2026-06-26 | 6.5 Medium | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships. |
| CVE-2026-38329 | 1 Bludit | 1 Bludit Cms | 2026-06-26 | 9.8 Critical | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server. |
| CVE-2026-39533 | 2 Wordpress, Wptasty | 2 Wordpress, Awp Classifieds | 2026-06-26 | 7.5 High | Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. |