Total
8259 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54415 | 2026-06-17 | 8.1 High | ||
| Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}). | ||||
| CVE-2026-54810 | 2026-06-17 | 7.5 High | ||
| Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1. | ||||
| CVE-2025-69189 | 2026-06-17 | 7.3 High | ||
| Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3. | ||||
| CVE-2024-24709 | 2 Shareaholic, Wordpress | 2 Shareaholic, Wordpress | 2026-06-17 | 4.3 Medium |
| Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | ||||
| CVE-2024-37210 | 2026-06-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | ||||
| CVE-2026-11858 | 2026-06-17 | N/A | ||
| Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation. | ||||
| CVE-2024-33685 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1. | ||||
| CVE-2024-32949 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2026-06-17 | 8.3 High |
| Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | ||||
| CVE-2024-33909 | 2 Avirtum, Wordpress | 2 Ipages Flipbook, Wordpress | 2026-06-17 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | ||||
| CVE-2026-40723 | 2 Bricks, Wordpress | 2 Bricks Builder, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions. | ||||
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-24611 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-06-17 | 9.1 Critical |
| Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-39595 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-06-17 | 4.7 Medium |
| Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. | ||||
| CVE-2024-37496 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2026-22343 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. | ||||
| CVE-2026-40726 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | ||||
| CVE-2024-31435 | 2026-06-17 | 4.3 Medium | ||
| : Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6. | ||||
| CVE-2025-69137 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2026-8383 | 2026-06-17 | 5.3 Medium | ||
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request | ||||
| CVE-2026-39433 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | ||||