Total
6976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-23545 | 2026-02-26 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | |||||
| CVE-2025-53217 | 2026-02-26 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. | |||||
| CVE-2026-25370 | 2026-02-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28. | |||||
| CVE-2026-23543 | 2026-02-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5. | |||||
| CVE-2024-43228 | 2026-02-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3. | |||||
| CVE-2026-28193 | 1 Jetbrains | 1 Youtrack | 2026-02-26 | N/A | 8.8 HIGH |
| In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint | |||||
| CVE-2026-27468 | 1 Joinmastodon | 1 Mastodon | 2026-02-26 | N/A | 8.2 HIGH |
| Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content did not check properly whether the FASP was actually approved. This only affects Mastodon servers that have opted in to testing the experimental FASP feature by setting the environment variable `EXPERIMENTAL_FEATURES` to a value including `fasp`. An attacker can make subscriptions and request content backfill without approval by an administrator. Done once, this leads to minor information leak of URIs that are publicly available anyway. But done several times this is a serious vector for DOS, putting pressure on the sidekiq worker responsible for the `fasp` queue. The fix is included in the 4.4.14 and 4.5.7 releases. Admins that are actively testing the experimental "fasp" feature should update their systems. Servers not using the experimental feature flag `fasp` are not affected. | |||||
| CVE-2025-15563 | 1 Nestersoft | 1 Worktime | 2026-02-26 | N/A | 5.3 MEDIUM |
| Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here. | |||||
| CVE-2025-67973 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2. | |||||
| CVE-2025-67969 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1. | |||||
| CVE-2025-67547 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6. | |||||
| CVE-2025-68025 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17. | |||||
| CVE-2025-68023 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17. | |||||
| CVE-2025-68021 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.5. | |||||
| CVE-2025-67994 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | |||||
| CVE-2025-67975 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3. | |||||
| CVE-2025-68048 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | |||||
| CVE-2025-68042 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.1. | |||||
| CVE-2025-68032 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0. | |||||
| CVE-2025-68028 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. | |||||