Export limit exceeded: 19646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (8433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56773 1 Teableio 1 Teable 2026-06-27 8.8 High
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.
CVE-2026-12411 1 Canonical 1 Lxd 2026-06-27 8.4 High
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
CVE-2026-47193 1 Opf 1 Openproject 2026-06-26 7.5 High
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVE-2026-57518 1 Pagekit 1 Pagekit 2026-06-26 8.8 High
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution.
CVE-2026-57661 2 Nexcess, Wordpress 2 Wpcomplete, Wordpress 2026-06-26 5.4 Medium
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-52701 2 Themegrill, Wordpress 2 User Registration, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
CVE-2026-57324 2 Villatheme, Wordpress 2 Gift4u, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
CVE-2026-57622 2 Arraytics, Wordpress 2 Wpcafe, Wordpress 2026-06-26 4.3 Medium
Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.
CVE-2026-54847 2 Design, Wordpress 2 Stylish Cost Calculator, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
CVE-2026-54029 1 Danny-avila 1 Libre Chat 2026-06-26 5.3 Medium
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
CVE-2026-57923 1 Jetbrains 1 Youtrack 2026-06-26 5.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
CVE-2026-57925 1 Jetbrains 1 Youtrack 2026-06-26 4.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57921 1 Jetbrains 1 Youtrack 2026-06-26 4.3 Medium
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
CVE-2026-57922 1 Jetbrains 1 Youtrack 2026-06-26 3.1 Low
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-54027 1 Danny-avila 1 Libre Chat 2026-06-26 6.5 Medium
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.
CVE-2026-2299 1 Mattermost 1 Mattermost Google Drive Plugin 2026-06-26 4.2 Medium
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
CVE-2026-57521 1 Bitwarden 1 Server 2026-06-26 4.3 Medium
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers can exploit the missing ManageOrganizationBillingRequirement on the preview invoice endpoints to retrieve Stripe-computed tax totals, subscription status, and billing details derived from any target organization's real customer and subscription data.
CVE-2026-1869 2 Wordpress, Wpeverest 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 2026-06-26 6.5 Medium
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships.
CVE-2026-38329 1 Bludit 1 Bludit Cms 2026-06-26 9.8 Critical
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server.
CVE-2026-39533 2 Wordpress, Wptasty 2 Wordpress, Awp Classifieds 2026-06-26 7.5 High
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.