Total
6999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24985 | 2026-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through <= 1.8.2. | |||||
| CVE-2026-24967 | 2026-02-03 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | |||||
| CVE-2025-13348 | 2026-02-03 | N/A | N/A | ||
| An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information. | |||||
| CVE-2025-15510 | 2026-02-03 | N/A | 5.3 MEDIUM | ||
| The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configurations, that may include sensitive data, such as email addresses, PayPal API credentials, and third-party integration keys by enumerating the nex_forms_Id parameter. | |||||
| CVE-2026-1431 | 2026-02-03 | N/A | 5.3 MEDIUM | ||
| The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information including customer names, phones and emails. | |||||
| CVE-2026-25020 | 2026-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0. | |||||
| CVE-2026-25011 | 2026-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41. | |||||
| CVE-2026-25016 | 2026-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through <= 1.3.5. | |||||
| CVE-2025-49181 | 1 Sick | 1 Media Server | 2026-02-03 | N/A | 8.6 HIGH |
| Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack. | |||||
| CVE-2025-62972 | 1 Webinarpress | 1 Webinarpress | 2026-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28. | |||||
| CVE-2025-67540 | 2026-02-02 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5. | |||||
| CVE-2025-66079 | 2026-02-02 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0. | |||||
| CVE-2025-66071 | 2026-02-02 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0. | |||||
| CVE-2026-23721 | 1 Openproject | 1 Openproject | 2026-02-02 | N/A | 4.3 MEDIUM |
| OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, due to a failed permission check, if a user had the View Members permission in any project, they could enumerate all Groups and view which other users are part of the group. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No known workarounds are available. | |||||
| CVE-2021-47812 | 1 Getgrav | 1 Grav | 2026-02-02 | N/A | 9.8 CRITICAL |
| GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution. | |||||
| CVE-2025-11669 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2026-02-02 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. | |||||
| CVE-2026-24139 | 1 Franklioxygen | 1 Mytube | 2026-02-02 | N/A | 6.5 MEDIUM |
| MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view. | |||||
| CVE-2025-70985 | 1 Ruoyi | 1 Ruoyi | 2026-01-30 | N/A | 9.1 CRITICAL |
| Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. | |||||
| CVE-2025-70986 | 1 Ruoyi | 1 Ruoyi | 2026-01-30 | N/A | 7.5 HIGH |
| Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. | |||||
| CVE-2026-22461 | 2026-01-30 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18. | |||||