Total: 6980 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67977 | | | 2026-02-24 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through <= 1.0.8. | |||||
| CVE-2025-67974 | | | 2026-02-24 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLegalPages: from n/a through <= 3.5.4. | |||||
| CVE-2025-67970 | | | 2026-02-24 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Schedula: from n/a through <= 1.0. | |||||
| CVE-2025-67624 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Optimize More! – Images: from n/a through <= 1.1.3. | |||||
| CVE-2026-2038 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
| GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934. | |||||
| CVE-2026-2039 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
| GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597. | |||||
| CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | |||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2026-02-24 | 4.0 MEDIUM | 7.1 HIGH |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | |||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 5.5 MEDIUM | 6.3 MEDIUM |
| Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8. | |||||
| CVE-2026-27471 | 1 Frappe | 1 Erpnext | 2026-02-24 | N/A | 9.1 CRITICAL |
| ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1. | |||||
| CVE-2025-11581 | 1 Powerjob | 1 Powerjob | 2026-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-11580 | 1 Powerjob | 1 Powerjob | 2026-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-15390 | 1 Phpgurukul | 1 Small Crm | 2026-02-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-12925 | 1 Rymcu | 1 Forest | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2025-12924 | 1 Rymcu | 1 Forest | 2026-02-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. | |||||
| CVE-2025-69388 | | | 2026-02-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4. | |||||
| CVE-2025-69385 | | | 2026-02-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3. | |||||
| CVE-2026-22351 | | | 2026-02-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP FullCalendar: from n/a through <= 1.6. | |||||
| CVE-2025-69393 | | | 2026-02-23 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exzo: from n/a through <= 1.2.4. | |||||
