Skip to main content
CVE-2026-22481 MEDIUM This Month

Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker is affected by missing authorization (CVSS 8.8).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-22472 MEDIUM This Month

Missing authorization controls in Easy Form Builder versions 3.9.6 and earlier enable authenticated attackers to exploit improperly configured access restrictions and gain unauthorized capabilities. An attacker with valid credentials can bypass intended security boundaries to read, modify, or delete form data and configurations they should not have access to. No patch is currently available for this vulnerability affecting the Easy Form Builder plugin.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-63018 MEDIUM This Month

Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-24377 MEDIUM This Month

POSIMYTH Nexter Blocks the-plus-addons-for-block-editor contains a security vulnerability (CVSS 7.5).

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24357 MEDIUM This Month

Inadequate access control in WP Recipe Maker versions 10.2.4 and earlier allows authenticated users to bypass authorization checks and perform unauthorized actions. An attacker with low-level WordPress credentials could exploit this vulnerability to gain elevated privileges and modify sensitive recipe data without proper permissions.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24353 MEDIUM This Month

Improper access control in wpeverest User Registration plugin through version 4.4.9 allows authenticated attackers to bypass authorization checks and gain unauthorized access to sensitive functionality. An attacker with low-privilege credentials can exploit misconfigured security levels to perform actions beyond their intended permissions, potentially exposing or modifying user registration data. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22279 MEDIUM This Month

Dell PowerScale OneFS versions before 9.13.0.0 fail to adequately log security events, allowing unauthenticated remote attackers to tamper with information without leaving a detectable audit trail. The insufficient logging mechanism prevents administrators from identifying unauthorized modifications to system data. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24388 MEDIUM This Month

WPMasterToolKit through version 2.14.0 contains an authorization bypass vulnerability that allows authenticated users to modify data due to improperly enforced access controls. An attacker with valid credentials can exploit this flaw to perform unauthorized actions beyond their intended permission level. A security patch is not currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22466 MEDIUM This Month

WP MapIt plugin for WordPress through version 3.0.3 contains an authorization bypass that allows authenticated users to modify content they should not have access to. An attacker with user-level privileges can exploit misconfigured access controls to perform unauthorized actions, though the impact is limited to integrity violations without affecting confidentiality or availability.

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24386 MEDIUM This Month

Element Invader Template Kits for Elementor versions up to 1.2.4 contain an authorization bypass vulnerability that allows authenticated users to access resources or functionality beyond their intended permission level. An attacker with valid login credentials could exploit improperly configured access controls to view or manipulate sensitive data. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22468 MEDIUM This Month

AbsolutePlugins Absolute Addons For Elementor absolute-addons is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22450 MEDIUM This Month

The Don Peppe WordPress theme version 1.3 and earlier contains inadequate access control validation that permits authenticated users to access sensitive information they should not have permission to view. An attacker with valid login credentials could exploit this misconfiguration to retrieve confidential data, though the impact is limited to information disclosure without the ability to modify or delete content.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31413 MEDIUM This Month

bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite is affected by cross-site request forgery (csrf) (CVSS 8.8).

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22462 MEDIUM This Month

richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer is affected by cross-site request forgery (csrf) (CVSS 4.3).

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22360 MEDIUM This Month

SearchAzon versions 1.4 and earlier are vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthenticated attackers to perform unauthorized actions on behalf of users. The vulnerability requires user interaction and has limited impact, restricted to integrity violations without affecting confidentiality or availability. No patch is currently available for this issue.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67626 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22359 MEDIUM This Month

AA-Team Wordpress Movies Bulk Importer movies importer is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22458 MEDIUM This Month

Mikado-Themes Wanderland version 1.5 and earlier contains an authorization bypass that allows unauthenticated remote attackers to access restricted functionality due to improperly configured access controls. The vulnerability enables information disclosure with no patch currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-63051 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. [CVSS 4.3 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24332 MEDIUM This Month

Discord's WebSocket API inadvertently discloses whether users have set their status to Invisible rather than offline by including them in the presences array, contradicting the privacy expectation that Invisible users appear completely offline. An authenticated attacker can exploit this information disclosure to determine the true online status of Discord users. No patch is currently available as of January 2026.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20888 MEDIUM PATCH This Month

Gitea fails to enforce proper authorization checks when users attempt to cancel scheduled auto-merges through the web interface, allowing any user with pull request read access to cancel merge operations initiated by other users. This authorization bypass could disrupt automated workflows and merge processes across repositories. A patch is available to address this vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24387 MEDIUM This Month

Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32056 MEDIUM This Month

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-47555 LOW Monitor

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4. [CVSS 8.1 HIGH]

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22411 LOW Monitor

Mikado-Themes Dolcino dolcino is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22409 LOW Monitor

Mikado-Themes Justicia justicia is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22407 LOW Monitor

Mikado-Themes Roam through version 2.1.1 contains an authorization bypass vulnerability where attackers with valid user credentials can manipulate access control mechanisms to gain unauthorized access to sensitive functionality. This authentication-required vulnerability allows authenticated users to circumvent properly configured security levels through user-controlled parameters. No patch is currently available for this issue.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22406 LOW Monitor

Mikado-Themes Overton overton is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22404 LOW Monitor

Mikado-Themes Innovio innovio is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-0798 LOW PATCH Monitor

Gitea may send release notification emails for private repositories to users whose access has been revoked. [CVSS 3.5 LOW]

Authentication Bypass Gitea
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-22281 LOW Monitor

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. [CVSS 3.5 LOW]

Denial Of Service Race Condition Powerscale Onefs
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-24001 LOW PATCH Monitor

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff
NVD GitHub VulDB
CVSS 4.0
2.7
EPSS
0.0%
CVE-2025-12738 This Week

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database.

Information Disclosure
NVD
EPSS
0.1%
CVE-2025-14751 Monitor

A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.

Privilege Escalation
NVD
EPSS
0.0%
CVE-2026-23761 Monitor

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).

Linux Windows Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2026-1201 Monitor

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controller versions up to 2.4.2.157 is affected by authorization bypass through user-controlled key.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2025-14750 Monitor

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.

Information Disclosure
NVD
EPSS
0.0%
CVE-2026-23764 Monitor

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).

Linux Windows Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2026-1225 PATCH Monitor

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantia...

Java
NVD
EPSS
0.0%
CVE-2026-23762 Monitor

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).

Linux Windows Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2025-15523 This Week

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle.

macOS Python
NVD
EPSS
0.0%
CVE-2025-14295 Monitor

from 6.0 versions up to 9.0 contains a vulnerability that allows attackers to access stored passwords in a recoverable format which makes them subject to pass.

Windows
NVD
EPSS
0.0%
CVE-2026-23763 Monitor

VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys).

Linux Privilege Escalation
NVD GitHub
EPSS
0.0%
CVE-2024-53252 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-53251 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-53250 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-53249 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-53248 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45743 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45742 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Denial Of Service
NVD
Prev Page 9 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy