Total
6992 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25394 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6. | |||||
| CVE-2026-25393 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6. | |||||
| CVE-2026-25391 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07. | |||||
| CVE-2026-25386 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2. | |||||
| CVE-2026-25384 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5. | |||||
| CVE-2026-25375 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10. | |||||
| CVE-2026-25372 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3. | |||||
| CVE-2026-25368 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1. | |||||
| CVE-2026-25242 | 1 Gogs | 1 Gogs | 2026-02-19 | N/A | 9.8 CRITICAL |
| Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-origin cookie issuance. This issue has been fixed in version 0.14.1. | |||||
| CVE-2026-27042 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1. | |||||
| CVE-2026-25459 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12. | |||||
| CVE-2026-25423 | 2026-02-19 | N/A | 3.8 LOW | ||
| Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4. | |||||
| CVE-2026-25415 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | |||||
| CVE-2026-25473 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31. | |||||
| CVE-2026-25441 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21. | |||||
| CVE-2026-27092 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11. | |||||
| CVE-2026-27066 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46. | |||||
| CVE-2025-64520 | 1 Glpi-project | 1 Glpi | 2026-02-19 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch. | |||||
| CVE-2025-12081 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments. | |||||
| CVE-2019-25351 | 2026-02-19 | N/A | 8.8 HIGH | ||
| Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests. | |||||