Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27368 | 2026-02-25 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7.
|
|||||
| CVE-2026-22350 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.3.1.
|
|||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2026-02-25 | 6.5 MEDIUM | 8.8 HIGH |
|
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
|||||
| CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2026-02-25 | N/A | 8.3 HIGH |
|
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
|
|||||
| CVE-2026-22765 | 1 Dell | 1 Wyse Management Suite | 2026-02-25 | N/A | 8.8 HIGH |
|
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
|
|||||
| CVE-2026-1916 | 2026-02-25 | N/A | 7.5 HIGH | ||
|
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the `wpgsi_callBackFuncAccept` and `wpgsi_callBackFuncUpdate` REST API functions in all versions up to, and including, 3.8.3. Both REST endpoints use `permission_callback => '__return_true'`, allowing unauthenticated access. The plugin's custom token-based validation relies on a Base64-encoded JSON object ...
Show More |
|||||
| CVE-2026-2301 | 2026-02-25 | N/A | 4.3 MEDIUM | ||
|
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` function in `includes/api.php` using `$wpdb->insert()` directly to the `wp_postmeta` table instead of WordPress's standard `add_post_meta()` function, which would call `is_protected_meta()` to prevent lower-privileged users from setting protected meta keys (those starting with `_`). This makes it possible ...
Show More |
|||||
| CVE-2026-25404 | 2026-02-24 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.
|
|||||
| CVE-2025-69297 | 2026-02-24 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.
|
|||||
| CVE-2025-69063 | 2026-02-24 | N/A | 8.6 HIGH | ||
|
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0.
|
|||||
| CVE-2025-68542 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3.
|
|||||
| CVE-2025-68534 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.
|
|||||
| CVE-2025-68069 | 2026-02-24 | N/A | 7.1 HIGH | ||
|
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
|
|||||
| CVE-2025-68050 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.
|
|||||
| CVE-2025-68043 | 2026-02-24 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
|
|||||
| CVE-2025-68026 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.
|
|||||
| CVE-2025-68024 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.
|
|||||
| CVE-2025-68022 | 2026-02-24 | N/A | 6.3 MEDIUM | ||
|
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.
|
|||||
| CVE-2025-68005 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7.
|
|||||
| CVE-2025-68000 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
|
|||||
| CVE-2025-67993 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.
|
|||||
| CVE-2025-67977 | 2026-02-24 | N/A | 8.2 HIGH | ||
|
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.
|
|||||
| CVE-2025-67974 | 2026-02-24 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.
|
|||||
| CVE-2025-67970 | 2026-02-24 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0.
|
|||||
| CVE-2025-67624 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.
|
|||||
| CVE-2026-2038 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
|
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in co ...
Show More |
|||||
| CVE-2026-2039 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
|
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in ...
Show More |
|||||
| CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 6.5 MEDIUM | 6.3 MEDIUM |
|
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
|
|||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2026-02-24 | 4.0 MEDIUM | 7.1 HIGH |
|
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
|
|||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
|
|||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 5.5 MEDIUM | 6.3 MEDIUM |
|
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
|
|||||
| CVE-2026-27471 | 1 Frappe | 1 Erpnext | 2026-02-24 | N/A | 9.1 CRITICAL |
|
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.
|
|||||
| CVE-2025-11581 | 1 Powerjob | 1 Powerjob | 2026-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-11580 | 1 Powerjob | 1 Powerjob | 2026-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-15390 | 1 Phpgurukul | 1 Small Crm | 2026-02-24 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-12925 | 1 Rymcu | 1 Forest | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
|
|||||
| CVE-2025-12924 | 1 Rymcu | 1 Forest | 2026-02-24 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
|
|||||
| CVE-2025-69388 | 2026-02-23 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
|
|||||
| CVE-2025-69385 | 2026-02-23 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3.
|
|||||
| CVE-2026-22351 | 2026-02-23 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
|
|||||