Search Results (11088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10616 | 1 Nextlevelbuilder | 1 Goclaw | 2026-06-03 | 4.3 Medium |
| A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug. | ||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2026-06-03 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2024-6406 | | | 2026-06-03 | N/A |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0. | ||||
| CVE-2024-7108 | 1 Nationalkeep | 1 Cybermath | 2026-06-03 | 9.8 Critical |
| Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253. | ||||
| CVE-2026-44409 | 1 Zte | 2 Mu5250, Mu5250 Firmware | 2026-06-03 | 5.7 Medium |
| There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure. | ||||
| CVE-2025-32348 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-42677 | 2 Ben Balter, Wordpress | 2 Wp Document Revisions, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0. | ||||
| CVE-2026-45267 | 1 Nextcloud | 1 Forms | 2026-06-02 | 6.5 Medium |
| Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6. | ||||
| CVE-2026-9234 | 2 Ntbyk, Wordpress | 2 Jtl-connector For Woocommerce, Wordpress | 2026-06-02 | 4.3 Medium |
| The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the admin_post_settings_save_woo-jtl-connector action (handled by JtlConnectorAdmin::save()) and on the wp_ajax_downloadJTLLogs and wp_ajax_clearJTLLogs AJAX actions (handled by the global downloadJTLLogs() and clearJTLLogs() functions). This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary plugin settings, download a ZIP archive of the connector's developer log files, and delete those log files. | ||||
| CVE-2025-52766 | 2 Printeers, Wordpress | 2 Printeers Print & Ship, Wordpress | 2026-06-02 | 6.5 Medium |
| Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2025-53302 | 2 Anton Shevchuk, Wordpress | 2 Constructor, Wordpress | 2026-06-02 | 5.3 Medium |
| Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5. | ||||
| CVE-2025-53345 | 2 Thimpress, Wordpress | 2 Thim Core, Wordpress | 2026-06-02 | 8.8 High |
| Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3. | ||||
| CVE-2025-53346 | 2 Thimpress, Wordpress | 2 Thim Core, Wordpress | 2026-06-02 | 4.3 Medium |
| Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3. | ||||
| CVE-2026-42670 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||||
| CVE-2026-27351 | 2 Sekander Badsha, Wordpress | 2 Crew Hrm, Wordpress | 2026-06-02 | 5.4 Medium |
| Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. | ||||
| CVE-2026-8382 | 2 Wordpress, Wpengine | 2 Wordpress, Advanced Custom Fields | 2026-06-02 | 5.3 Medium |
| The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance by injecting values into the _post_title and _post_content parameters of a form submission request. | ||||
| CVE-2026-49299 | 1 Openstack | 1 Neutron | 2026-06-02 | N/A |
| In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected. | ||||
| CVE-2026-34154 | 1 Discourse | 1 Discourse | 2026-06-02 | 5.3 Medium |
| Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. | ||||
| CVE-2026-28380 | 1 Grafana | 1 Grafana | 2026-06-02 | 6.5 Medium |
| Any Editor could delete any snapshot, even if they have no access to read or write them. | ||||
| CVE-2026-41014 | 1 Apache | 1 Airflow | 2026-06-02 | 4.3 Medium |
| The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to read. Affects deployments that rely on per-Dag read scoping while granting users broader Asset access. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. | ||||