Search Results (8396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52701 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. | ||||
| CVE-2026-57648 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-06-26 | 4.3 Medium |
| Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | ||||
| CVE-2026-24547 | | | 2026-06-26 | 5.3 Medium |
| Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | ||||
| CVE-2026-54837 | | | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | ||||
| CVE-2026-57649 | | | 2026-06-26 | 4.3 Medium |
| Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | ||||
| CVE-2026-57324 | 2 Villatheme, Wordpress | 2 Gift4u, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions. | ||||
| CVE-2026-57622 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-06-26 | 4.3 Medium |
| Subscriber Broken Access Control in WPCafe <= 3.0.14 versions. | ||||
| CVE-2026-54847 | 2 Design, Wordpress | 2 Stylish Cost Calculator, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions. | ||||
| CVE-2026-54029 | 1 Danny-avila | 1 Libre Chat | 2026-06-26 | 5.3 Medium |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1. | ||||
| CVE-2026-57632 | | | 2026-06-26 | 5.4 Medium |
| Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | ||||
| CVE-2026-57645 | | | 2026-06-26 | 8.1 High |
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2025-63078 | | | 2026-06-26 | 4.3 Medium |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2026-54832 | | | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | ||||
| CVE-2026-54840 | | | 2026-06-26 | 7.3 High |
| Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-56025 | | | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | ||||
| CVE-2026-56038 | | | 2026-06-26 | 8.8 High |
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | ||||
| CVE-2026-56063 | | | 2026-06-26 | 8.3 High |
| Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. | ||||
| CVE-2026-57923 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 5.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings | ||||
| CVE-2025-63041 | | | 2026-06-26 | 5.4 Medium |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2026-57925 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | ||||