Export limit exceeded: 11082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11082 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7523 | 2 Alejo30, Wordpress | 2 Alba Board, Wordpress | 2026-06-07 | 4.3 Medium |
| The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to access arbitrary private alba_card post data, including title, description, assignee, due date, tags, and comments, that is intended to be restricted to Administrators and Editors. The handler is registered via the wp_ajax_nopriv_ hook and its nonce is exposed to all site visitors through wp_localize_script on pages containing the [alba_board] shortcode, making this exploitable by unauthenticated users who can access any such page. | ||||
| CVE-2026-8976 | 2 Themeisle, Wordpress | 2 Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator, Wordpress | 2026-06-07 | 4.3 Medium |
| The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create and execute RSS import jobs, purge (force-delete) all posts associated with any import job, clear import error logs, and enumerate taxonomy terms and post meta_key names. The nonce required to reach these sub-handlers is leaked to any user with the edit_posts capability via the feedzyjs localized script injected into the block editor, meaning no privileged nonce theft or separate exploit step is required for Contributor-level users. | ||||
| CVE-2026-9008 | 2 Webvitaly, Wordpress | 2 Page-list, Wordpress | 2026-06-07 | 4.3 Medium |
| The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() function (the [pagelist_ext] / [pagelistext] shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and passing them directly into get_pages() and get_post_meta() with no capability check verifying that the rendering user is permitted to read the matched objects. When the current post has no child pages, the shortcode re-issues the query with child_of => 0, broadening it to every page on the site matching the supplied status/type. This makes it possible for authenticated attackers, with contributor-level access and above, to disclose the titles, body content/excerpts, and arbitrary post meta of unrelated private and draft pages by inserting the shortcode into a contributor-authored draft and previewing it. | ||||
| CVE-2026-7624 | 2 Squirrly, Wordpress | 2 Seo Plugin By Squirrly Seo, Wordpress | 2026-06-07 | 4.3 Medium |
| The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to invoke privileged state-changing Squirrly cloud API operations, such as revoking the site's Google Search Console and Google Analytics integrations via `api/gsc/revoke` and `api/ga/revoke`, that are otherwise restricted to administrator-level users holding the `sq_manage_settings` capability. | ||||
| CVE-2026-8502 | 2 Thimpress, Wordpress | 2 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses, Wordpress | 2026-06-06 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'return_type' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including the plaintext post_password of password-protected courses and the full post_content, post_author, and post_name of unpublished draft, private, and pending courses via the unrestricted SELECT * fallback query. Exploitation requires supplying both c_status=all (to bypass the publish-only post_status WHERE clause) and return_type=json (to prevent the safe DISTINCT(ID) AS ID field override) in a single unauthenticated request to the /wp-json/lp/v1/courses/archive-course endpoint. | ||||
| CVE-2026-21031 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-06-06 | 7.8 High |
| Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. | ||||
| CVE-2021-40327 | 1 Trustedfirmware | 1 Trusted Firmware-m | 2026-06-05 | 5.9 Medium |
| Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. | ||||
| CVE-2026-23925 | 1 Zabbix | 1 Zabbix | 2026-06-05 | 8.1 High |
| An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions. | ||||
| CVE-2026-33551 | 1 Openstack | 1 Keystone | 2026-06-05 | 3.5 Low |
| An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected. | ||||
| CVE-2025-7047 | 1 Utarit | 1 Soliclub | 2026-06-05 | 4.3 Medium |
| Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2024-1662 | 1 Porty | 2 Powerbank, Powerbank Application | 2026-06-05 | 7.5 High |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02. | ||||
| CVE-2025-8886 | 1 Usta | 1 Aybs | 2026-06-05 | 6.7 Medium |
| Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass. This issue affects Aybs Interaktif: from 2024 through 28082025. | ||||
| CVE-2025-8887 | 1 Usta | 1 Aybs | 2026-06-05 | 6.1 Medium |
| Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs Interaktif: from 2024 through 28082025. | ||||
| CVE-2026-41283 | 2 Openstack, Redhat | 2 Mistral, Openstack-mistral | 2026-06-05 | 9.9 Critical |
| OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials. | ||||
| CVE-2026-35904 | 1 T3techgroup | 3 T625pro, T6825g, T7281 | 2026-06-05 | N/A |
| Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component. | ||||
| CVE-2026-5228 | 1 Kurt Software Studio | 1 Writeup Mobile App | 2026-06-05 | 8.8 High |
| Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026. | ||||
| CVE-2026-10737 | 2 Smartypantsplugins, Wordpress | 2 Sp Project & Document Manager, Wordpress | 2026-06-05 | 7.5 High |
| The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links for arbitrary files stored inside project folders on the server, which can contain sensitive information. The authorization gate uses a negated nonce check OR-chained with permission checks, meaning a missing or invalid nonce causes the entire condition to evaluate to true and bypass all preceding capability and ownership checks. The secondary fallback check only denies access for root-level files (pid == 0), leaving all files stored inside project folders fully exposed to unauthenticated users who supply only a valid file ID in a POST request to admin-ajax.php. | ||||
| CVE-2026-4881 | 1 Octopus | 1 Octopus Server | 2026-06-05 | N/A |
| In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error. | ||||
| CVE-2026-42547 | 1 Dfir-iris | 1 Iris | 2026-06-05 | 5.4 Medium |
| IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch. | ||||
| CVE-2026-41235 | 1 Froxlor | 1 Froxlor | 2026-06-04 | N/A |
| Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit requests. As a result, an authenticated customer with shell delegation enabled can submit an arbitrary shell such as `/bin/bash` even when the panel UI only offers more restricted choices. In deployments that use the default `nssextrausers` integration, the attacker-controlled shell is then propagated into the system account database, leading to real host shell access. Version 2.3.7 fixes the issue. | ||||