Total
7134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24556 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2. | |||||
| CVE-2026-24535 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7. | |||||
| CVE-2026-22466 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3. | |||||
| CVE-2026-24551 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3. | |||||
| CVE-2026-24380 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0. | |||||
| CVE-2026-24371 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through <= 1.8.16. | |||||
| CVE-2026-24368 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | |||||
| CVE-2026-24358 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3. | |||||
| CVE-2026-24357 | 2026-01-26 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4. | |||||
| CVE-2026-24356 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0. | |||||
| CVE-2026-24353 | 2026-01-26 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9. | |||||
| CVE-2026-23974 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5. | |||||
| CVE-2026-22472 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6. | |||||
| CVE-2025-52950 | 1 Juniper | 1 Security Director | 2026-01-26 | N/A | 9.6 CRITICAL |
| A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1. | |||||
| CVE-2026-23477 | 1 Rocket.chat | 1 Rocket.chat | 2026-01-26 | N/A | 7.7 HIGH |
| Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0. | |||||
| CVE-2024-39650 | 1 Wpwebelite | 1 Woocommerce Pdf Vouchers | 2026-01-26 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4. | |||||
| CVE-2024-43274 | 1 Joomsky | 1 Js Help Desk | 2026-01-26 | N/A | 5.8 MEDIUM |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | |||||
| CVE-2026-24522 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through <= 1.2.16. | |||||
| CVE-2025-12519 | 1 Centreon | 1 Centreon Web | 2026-01-26 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | |||||
| CVE-2025-15466 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to view, create, modify, clone, delete, and reassign ownership of galleries created by other users, including administrators. | |||||