Search Results (8433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6964 2 J 3rk, Wordpress 2 Video Conferencing With Zoom, Wordpress 2026-06-26 5.3 Medium
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain the site's Zoom SDK API key and a freshly-signed JWT that can be used with the Zoom Web SDK to join any Zoom meeting associated with those credentials without a legitimate invitation.
CVE-2026-10831 1 Moxa 2 Cn2600 Series, Nport 5600 Series 2026-06-26 N/A
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
CVE-2025-14272 1 Rockwellautomation 1 Factorytalk Analytics Pavilionx 2026-06-26 N/A
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.
CVE-2026-8383 2 Learnpress, Wordpress 2 Learnpress, Wordpress 2026-06-26 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
CVE-2026-45436 2 Rain-task, Wordpress 2 Wpbakery Page Builder, Wordpress 2026-06-26 6.5 Medium
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-57429 2 Elightup, Wordpress 2 Slim Seo, Wordpress 2026-06-26 6.5 Medium
Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.
CVE-2026-48969 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-06-26 6.5 Medium
Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.
CVE-2025-64215 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-06-26 6.5 Medium
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.
CVE-2026-39515 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 6.5 Medium
Subscriber Broken Access Control in Motors < 1.4.107 versions.
CVE-2026-39524 2 Themegrill, Wordpress 2 Masteriyo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
CVE-2026-39534 2 Wordpress, Wpdirectorykit 2 Wordpress, Wp Directory Kit 2026-06-26 7.5 High
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
CVE-2026-40773 2 Rtcamp, Wordpress 2 Rtmedia For Wordpress, Buddypress And Bbpress, Wordpress 2026-06-26 6.5 Medium
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
CVE-2026-49775 2 Welcart, Wordpress 2 Welcart E-commerce, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVE-2026-52714 2 Squirrly, Wordpress 2 Seo Plugin By Squirrly Seo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-39433 2 Mojoomla, Wordpress 2 Wpams Plugin, Wordpress 2026-06-26 6.5 Medium
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-57619 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-06-25 6.5 Medium
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
CVE-2026-54842 2 Royal Plugins, Wordpress 2 Royal Mcp, Wordpress 2026-06-25 8.1 High
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-52812 1 Gogs 1 Gogs 2026-06-25 N/A
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in the lfs_object table keyed (repo_id, oid). serveUpload skips re-uploading when the OID file already exists on disk and inserts a new (repo_id, oid) row pointing at it without verifying the request body hashes to the OID being claimed. Any user with write access to one repo can bind their repo to an OID owned by a private repo and download the original bytes via their own download endpoint. This vulnerability is fixed in 0.14.3.