Skip to main content
CVE-2026-7050 MEDIUM This Month

Forms Rb plugin for WordPress versions up to 1.1.9 contains an authorization bypass vulnerability allowing authenticated contributors and above to read, modify, and delete form submission records and configuration belonging to forms they do not own. The vulnerability stems from insufficient authorization checks in API endpoints (CWE-862), affecting all installations with the plugin active. CVSS score of 4.3 reflects low attack complexity and network accessibility, though impact is limited to integrity and information disclosure within WordPress administrative contexts.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1934 MEDIUM This Month

Authenticated users with Subscriber-level access can bypass PayPal payment verification in the Motors - Car Dealership & Classified Listings WordPress plugin (versions up to 1.4.103) by directly modifying their stm_payment_status user meta field to 'completed', gaining access to paid Dealer membership features without completing any transaction. The vulnerability exists in the stm_save_user_extra_fields() function, which fails to validate permission for sensitive meta field modifications during profile updates. While CVSS 4.3 reflects low severity, the integrity impact is direct-payment systems are completely circumvented for any authenticated user.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6709 MEDIUM This Month

Authenticated attackers with Subscriber-level WordPress access can overwrite the Coinbase Commerce API key in versions up to 1.1.2 of the Coinbase Commerce for Contact Form 7 WordPress plugin due to missing capability checks and nonce verification in the save_settings() function. The vulnerability allows privilege escalation and potential compromise of payment processing by replacing the legitimate API key with an attacker-controlled value via a crafted POST request to /wp-admin/admin-post, affecting all WordPress sites running this plugin with that version or earlier.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4301 MEDIUM This Month

Authenticated attackers with Subscriber-level access can modify arbitrary WordPress post content, metadata, author assignment, and post type through missing authorization checks in the Rate Star Review Vote AJAX handler, allowing full post content takeover via the 'rating_id' parameter when the 'form' parameter is set to 'update'. The vulnerability affects all versions up to 1.6.4 and requires only basic user authentication (not administrator privileges), making it exploitable by any registered site user.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25690 MEDIUM This Month

Argument injection in Fortinet FortiDeceptor 5.0 through 6.0.2 allows authenticated administrators with read-only permissions to read arbitrary log files via crafted HTTP requests, exposing sensitive system and audit logs. The vulnerability requires valid admin credentials but no elevated privileges, making it accessible to lower-privileged authenticated users. No public exploit code or active exploitation has been confirmed at time of analysis.

Fortinet Code Injection
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34656 MEDIUM This Month

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.

Authentication Bypass Adobe
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6932 MEDIUM This Month

Cross-Site Request Forgery in WooCommerce Minimum Weight plugin for WordPress up to version 3.0.1 allows unauthenticated attackers to modify minimum order weight settings by tricking site administrators into clicking malicious links or visiting attacker-controlled pages. The vulnerability stems from missing nonce verification in the settings update handler, enabling forged POST requests to alter critical e-commerce configuration without admin consent. No public exploit code or active exploitation has been identified at time of analysis.

PHP CSRF WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7562 MEDIUM This Month

Cross-Site Request Forgery in WP-Redirection plugin for WordPress versions up to 1.0.3 allows unauthenticated attackers to trick logged-in administrators into modifying redirection rules by clicking a crafted link, enabling unauthorized creation, modification, or deletion of URL redirects without consent. The vulnerability stems from missing nonce validation in the admin settings form handler, affecting all installations running vulnerable versions.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5146 MEDIUM This Month

Unauthenticated attackers can modify or delete arbitrary user notification records in Devolutions Server due to missing session validation in notification management endpoints. The vulnerability affects Devolutions Server 2025.3.19.0 and earlier, plus versions 2026.1.6.0 through 2026.1.15.0. CVSS 4.3 indicates low-to-moderate risk, but the EPSS percentile of 4% suggests this is not a high-priority target for automated exploitation despite the authentication bypass tag.

Authentication Bypass Devolutions Server
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40129 MEDIUM This Month

Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.

SAP Code Injection RCE
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8407 MEDIUM This Month

Missing authorization in the PAM module of Devolutions Server allows authenticated users with a PAM license to retrieve OTP secret keys and recovery codes without additional permissions, leading to account compromise through crafted API requests. Affected versions include Devolutions Server 2025.3.16.0 and earlier, plus 2026.1.6.0 through 2026.1.11.0. No public exploit code or active exploitation has been identified; however, the low CVSS score and minimal EPSS percentile suggest limited real-world attack incentive despite the confidentiality impact.

Authentication Bypass Server
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42006 MEDIUM PATCH This Month

OX Dovecot Pro allows authenticated attackers to cause uncontrolled memory consumption and denial of service via excessive open braces in IMAP commands, bypassing the incomplete fix from CVE-2026-27857 which only blocked closing braces. An attacker with valid IMAP credentials can exhaust server memory up to the configured vsz_limit, crashing the IMAP process and disrupting mail service.

Denial Of Service Ox Dovecot Pro
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6710 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in the Skysa Text Ticker App plugin for WordPress affects all versions up to 1.4, allowing unauthenticated attackers to modify plugin settings including scrolling message text and URLs by tricking site administrators into clicking a malicious link. The vulnerability stems from missing nonce validation in the SkysaApps_Admin_AppPage function, enabling attackers to alter ticker content without authentication but requiring user interaction via social engineering.

CSRF WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7616 MEDIUM This Month

Cross-Site Request Forgery in the Zawgyi Embed WordPress plugin versions up to 2.1.1 allows unauthenticated attackers to modify the plugin's zawgyi_forceCSS setting by tricking a site administrator into clicking a malicious link. The vulnerability stems from missing nonce validation in the zawgyi_adminpage function, enabling attackers to submit forged POST requests to the plugin's settings page without the administrator's knowledge.

PHP CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40136 MEDIUM This Month

SAP Financial Consolidation permits authenticated attackers to forcibly terminate other users' sessions, temporarily denying them access to the application. The vulnerability has limited impact, affecting only availability through session disconnection while leaving the application itself and all data integrity and confidentiality intact. CVSS score of 4.3 reflects low severity, and no public exploit code or active exploitation has been identified.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40134 MEDIUM This Month

Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-43514 LOW PATCH Monitor

Timing side-channel in Apache Tomcat's AJP secret comparison exposes the shared AJP connector secret to remote, unauthenticated attackers capable of making precise network timing measurements. The vulnerability, tracked as CWE-208 (Observable Timing Discrepancy), affects all major Tomcat branches from 7.0.0 through current releases prior to the fixed versions, and could allow an attacker to recover the AJP shared secret through repeated probing. No public exploit code exists at time of analysis, EPSS is 0.02%, and CISA SSVC rates exploitation as none - making real-world risk low despite the network-accessible attack vector.

Information Disclosure Apache Tomcat Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-34685 LOW Monitor

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch - ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Authentication Bypass Adobe Adobe Commerce
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-40131 LOW Monitor

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. No public exploit code or active exploitation has been identified at the time of analysis.

SQLi SAP
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-42445 LOW PATCH Monitor

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS image with a deep directory tree or an inode cycle causes stack exhaustion, crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.

Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-42444 LOW PATCH Monitor

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the actual file size or any upper-bound ceiling, then iterates BlockCount times, allocating a file-path entry per iteration. A crafted 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 billion heap allocations, exhausting available memory. This vulnerability is fixed in 6.0.1698.0.

Denial Of Service Nanazip
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-42443 LOW PATCH Monitor

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is set to zero. The parser uses this attacker-controlled value as a divisor without validation, causing an immediate hardware trap and process crash. This vulnerability is fixed in 6.0.1698.0.

Denial Of Service Nanazip
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-42442 LOW PATCH Monitor

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR (directory). The parser unconditionally treats the root inode as a directory without checking its type, and when the symlink has an embedded target (small di_size), the directory data buffer is zero-length, causing a null-pointer dereference on the first read. This vulnerability is fixed in 6.0.1698.0.

Denial Of Service Null Pointer Dereference Nanazip
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-42355 LOW PATCH Monitor

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's GetAllPaths function recurse without depth limits, exhausting the thread stack and crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.

Denial Of Service Nanazip
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45362 LOW PATCH Monitor

Sangoma Switchvox before version 8.4 stores SIP authentication credentials in cleartext within backup files, allowing local attackers with physical or filesystem access to recover credentials with low complexity. This information disclosure vulnerability affects systems using the default backup functionality and has a publicly documented proof-of-concept exploit available on GitHub.

Information Disclosure Switchvox
NVD GitHub VulDB
CVSS 3.1
3.2
EPSS
0.0%
CVE-2026-40020 LOW PATCH Monitor

OX Dovecot Pro is vulnerable to IMAP SETACL command injection that allows authenticated users to bypass the imap_acl_allow_anyone configuration setting and inject the anyone permission into dovecot-acl files, enabling spam of mailbox folders to all users. The vulnerability requires authentication and elevated complexity conditions (CVSS 3.1), and no public exploits are known at the time of analysis.

Authentication Bypass Ox Dovecot Pro
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-32684 LOW Monitor

Hikvision Hik-Connect App fails to enforce strict directory access permissions, allowing other locally-installed applications to read sensitive information stored by the app on the device filesystem. The vulnerability requires local access and high attack complexity but poses information disclosure risk to users with multiple apps on the same device. No public exploit or active exploitation has been identified; CVSS score of 2.9 reflects the local-only attack vector and limited confidentiality impact.

Information Disclosure Hik Connect App
NVD
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-42158 LOW Monitor

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.

Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-44278 LOW Monitor

Fortinet FortiClient Windows versions 7.2 (all) and 7.4.0 through 7.4.2 contain a hard-coded cryptographic key vulnerability that allows high-privileged local attackers to disclose sensitive information. The vulnerability requires local access and administrator-level privileges, limiting its real-world exploitation scope to threats already present on compromised systems or malicious insiders. No public exploit code or active exploitation has been confirmed at the time of analysis.

Fortinet Information Disclosure
NVD VulDB
CVSS 3.1
2.3
EPSS
0.0%
Prev Page 11 of 11

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy