Total
8045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-52714 | 2026-06-16 | N/A | 5.9 MEDIUM | ||
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | |||||
| CVE-2026-53820 | 1 Openclaw | 1 Openclaw | 2026-06-16 | N/A | 6.6 MEDIUM |
| OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command reach than intended. | |||||
| CVE-2026-53821 | 1 Openclaw | 1 Openclaw | 2026-06-16 | N/A | 8.8 HIGH |
| OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs. | |||||
| CVE-2025-68049 | 2026-06-15 | N/A | 6.3 MEDIUM | ||
| Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. | |||||
| CVE-2026-25440 | 2026-06-15 | N/A | 5.3 MEDIUM | ||
| Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. | |||||
| CVE-2026-39503 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | |||||
| CVE-2026-40773 | 2026-06-15 | N/A | 6.5 MEDIUM | ||
| Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | |||||
| CVE-2026-25425 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | |||||
| CVE-2026-48883 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. | |||||
| CVE-2026-42651 | 2026-06-15 | N/A | 6.3 MEDIUM | ||
| Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | |||||
| CVE-2026-48881 | 2026-06-15 | N/A | 9.1 CRITICAL | ||
| Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | |||||
| CVE-2026-49065 | 2026-06-15 | N/A | 8.2 HIGH | ||
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | |||||
| CVE-2026-40774 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions. | |||||
| CVE-2026-48887 | 2026-06-15 | N/A | 6.5 MEDIUM | ||
| Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | |||||
| CVE-2026-40788 | 2026-06-15 | N/A | 7.1 HIGH | ||
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | |||||
| CVE-2026-40793 | 2026-06-15 | N/A | 6.5 MEDIUM | ||
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | |||||
| CVE-2026-34886 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. | |||||
| CVE-2026-49775 | 2026-06-15 | N/A | 6.5 MEDIUM | ||
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | |||||
| CVE-2026-39594 | 2026-06-15 | N/A | 6.4 MEDIUM | ||
| Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | |||||
| CVE-2026-39513 | 2026-06-15 | N/A | 7.5 HIGH | ||
| Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions. | |||||