Total
7598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6834 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | |||||
| CVE-2026-6109 | 1 Deepwisdom | 1 Metagpt | 2026-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-41349 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent. | |||||
| CVE-2026-40786 | 2026-04-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <= 5.7.3. | |||||
| CVE-2026-40778 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.2. | |||||
| CVE-2026-40742 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8. | |||||
| CVE-2026-40729 | 2026-04-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5. | |||||
| CVE-2026-40728 | 2026-04-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3. | |||||
| CVE-2026-39716 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | |||||
| CVE-2026-39713 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7. | |||||
| CVE-2026-39706 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0. | |||||
| CVE-2026-39704 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5. | |||||
| CVE-2026-39701 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | |||||
| CVE-2026-39700 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | |||||
| CVE-2026-39698 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0. | |||||
| CVE-2026-39697 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8. | |||||
| CVE-2026-39694 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2. | |||||
| CVE-2026-39689 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12. | |||||
| CVE-2026-39688 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9. | |||||
| CVE-2026-39687 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0. | |||||