Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48887 |
|
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
|
| CVE-2026-48835 |
|
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
|
| CVE-2026-48883 |
|
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
|
| CVE-2026-42651 |
|
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
|
| CVE-2026-42666 |
|
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
|
| CVE-2026-42664 |
|
Vulnerability in CVE-2026-42664 (CVE-2026-42664)
vulnerability in CVE-2026-42664 (CVE-2026-42664). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42659 |
|
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
|
| CVE-2026-42640 |
|
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
|
| CVE-2026-40793 |
|
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
|
| CVE-2026-40795 |
|
Subscriber Broken Access Control in Amelia <= 2.2 versions.
Subscriber Broken Access Control in Amelia <= 2.2 versions.
|
| CVE-2026-40788 |
|
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
|
| CVE-2026-40794 |
|
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
|
| CVE-2026-40774 |
|
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
|
| CVE-2026-40775 |
|
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
|
| CVE-2026-40773 |
|
Vulnerability in wordpress (CVE-2026-40773)
vulnerability in wordpress (CVE-2026-40773). Data can be tampered with by attackers.
|
| CVE-2026-40782 |
|
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
|
| CVE-2026-40776 |
|
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
|
| CVE-2026-40743 |
|
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
|
| CVE-2026-40741 |
|
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
|
| CVE-2026-39594 |
|
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
|
| CVE-2026-39534 |
|
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
|
| CVE-2026-39533 |
|
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
|
| CVE-2026-39584 |
|
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
|
| CVE-2026-39515 |
|
Subscriber Broken Access Control in Motors < 1.4.107 versions.
Subscriber Broken Access Control in Motors < 1.4.107 versions.
|
| CVE-2026-39524 |
|
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
|
| CVE-2026-39525 |
|
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
|
| CVE-2026-39513 |
|
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
|
| CVE-2026-39503 |
|
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
|
| CVE-2026-34886 |
|
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
|
| CVE-2025-68049 |
|
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
|
| CVE-2026-34892 |
|
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
|
| CVE-2026-34898 |
|
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
|
| CVE-2026-25425 |
|
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
|
| CVE-2025-69332 |
|
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
|
| CVE-2026-25440 |
|
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
|
| CVE-2026-48709 |
|
Vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709)
vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709). Risk of unauthorized operations or information disclosure. Exploitable via ``ValidateArgumentType``. Mitigation: upgrade to `0.0.0-20260521230847-a3865704c854` or later.
|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2026-5230 |
|
Vulnerability in CVE-2026-5230 (CVE-2026-5230)
vulnerability in CVE-2026-5230 (CVE-2026-5230). Confidential information can be exposed externally.
|
| CVE-2026-48969 |
|
Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.
Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.
|
| CVE-2025-64215 |
|
Vulnerability in CVE-2025-64215 (CVE-2025-64215)
vulnerability in CVE-2025-64215 (CVE-2025-64215). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34024 |
|
Vulnerability in CVE-2026-34024 (CVE-2026-34024)
vulnerability in CVE-2026-34024 (CVE-2026-34024). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53821 |
|
Vulnerability in openclaw (CVE-2026-53821)
vulnerability in openclaw (CVE-2026-53821). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53820 |
|
Vulnerability in openclaw (CVE-2026-53820)
vulnerability in openclaw (CVE-2026-53820). Data can be tampered with by attackers.
|
| CVE-2026-45085 |
|
Information Disclosure in discourse (CVE-2026-45085)
vulnerability in discourse (CVE-2026-45085). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42851 |
|
Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
|
| CVE-2026-50244 |
|
Vulnerability in CVE-2026-50244 (CVE-2026-50244)
vulnerability in CVE-2026-50244 (CVE-2026-50244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50108 |
|
Vulnerability in CVE-2026-50108 (CVE-2026-50108)
vulnerability in CVE-2026-50108 (CVE-2026-50108). Confidential information can be exposed externally.
|
| CVE-2026-10715 |
|
Vulnerability in CVE-2026-10715 (CVE-2026-10715)
vulnerability in CVE-2026-10715 (CVE-2026-10715). Risk of unauthorized operations or information disclosure. Exploitable via `POST /admin/post_type/`.
|
| CVE-2026-6689 |
|
Vulnerability in mattermost (CVE-2026-6689)
vulnerability in mattermost (CVE-2026-6689). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v4/teams`.
|
| CVE-2026-50084 |
|
Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
|