Total
6986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25364 | 2026-02-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8. | |||||
| CVE-2025-70148 | 1 Codeastro | 1 Membership Management System | 2026-02-20 | N/A | 7.5 HIGH |
| Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). | |||||
| CVE-2026-2819 | 2026-02-20 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-27328 | 2026-02-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7. | |||||
| CVE-2026-27056 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8. | |||||
| CVE-2026-25348 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.10.15. | |||||
| CVE-2026-25338 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4. | |||||
| CVE-2026-25336 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5. | |||||
| CVE-2026-25333 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11. | |||||
| CVE-2026-25321 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4. | |||||
| CVE-2026-25314 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31. | |||||
| CVE-2026-25311 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1. | |||||
| CVE-2026-25308 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9. | |||||
| CVE-2026-25003 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1. | |||||
| CVE-2026-25000 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0. | |||||
| CVE-2026-24999 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1. | |||||
| CVE-2026-24375 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4. | |||||
| CVE-2026-23804 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1. | |||||
| CVE-2026-1355 | 1 Github | 1 Enterprise Server | 2026-02-19 | N/A | 6.5 MEDIUM |
| A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration identifier, an attacker could overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repository data during migration restores or automated imports. An attacker would require authentication to the victim's GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.19.2, 3.18.5, 3.17.11, 3.16.14, 3.15.18, 3.14.23. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2026-25410 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2. | |||||