Search Results (8397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40795 | 2 Tms, Wordpress | 2 Amelia, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||||
| CVE-2026-42664 | 2 Motive Commerce Search, Wordpress | 2 Ai Product Search For Woocommerce – Motive Commerce Search, Wordpress | 2026-06-23 | 8.2 High |
| Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | ||||
| CVE-2026-42666 | 2 Dimitri Grassi, Wordpress | 2 Salon Booking System, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-48835 | 2 Awesomemotive, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-48887 | 2 Ahmad, Wordpress | 2 Js Help Desk, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | ||||
| CVE-2026-49070 | 2 Knit Pay, Wordpress | 2 Knit Pay, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||||
| CVE-2026-9187 | 2 Wordpress, Zealopensource | 2 Wordpress, Abandoned Contact Form 7 | 2026-06-23 | 5.3 Medium |
| The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered to both the wp_ajax_remove_abandoned and wp_ajax_nopriv_remove_abandoned hooks. The handler takes a user-supplied recover_id parameter from $_POST and passes it directly to wp_delete_post() with the force-delete flag set to true, without verifying that the ID belongs to the plugin's own cf7af_data post type. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on the affected site by sending a single admin-ajax. | ||||
| CVE-2025-68045 | 2 Arraytics, Wordpress | 2 Wp Event Solution, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event Solution <= 4.1.12 versions. | ||||
| CVE-2026-52711 | 2 Kilbot, Wordpress | 2 Woocommerce Pos, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | ||||
| CVE-2026-54190 | 2 Awesomemotive, Wordpress | 2 Envira Photo Gallery, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | ||||
| CVE-2026-40809 | 2 Rara Themes, Wordpress | 2 Metro Magazine, Wordpress | 2026-06-23 | 6.5 Medium |
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. | ||||
| CVE-2025-69103 | 2 Utillz, Wordpress | 2 Brikk, Wordpress | 2026-06-23 | 7.5 High |
| Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions. | ||||
| CVE-2025-69137 | 2 Jthemes, Wordpress | 2 Genemy, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2026-8934 | 1 Google Cloud | 1 Cloud Console Uis | 2026-06-23 | N/A |
| A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed. | ||||
| CVE-2026-56696 | 1 Hkuds | 1 Openharness | 2026-06-23 | 5.4 Medium |
| OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runtime system prompts, persistently influencing local agent behavior. | ||||
| CVE-2026-54019 | 1 Open-webui | 1 Open-webui | 2026-06-23 | 6.5 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephemeral collections. In Milvus multitenancy mode, that user-controlled collection name becomes a resource_id and is interpolated into a Milvus expression without escaping. This is caused by an incomplete fix for CVE-2026-44560. This vulnerability is fixed in 0.9.6. | ||||
| CVE-2026-54012 | 1 Open-webui | 1 Open-webui | 2026-06-23 | 7.1 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two places: the built-in view_file tool reads the file's extracted text, and has_access_to_file()'s model branch authorizes the file content and file delete endpoints. A malicious model owner can therefore attach another user's file ID to their model metadata and read or delete that private file. This vulnerability is fixed in 0.9.6. | ||||
| CVE-2026-54010 | 1 Open-webui | 1 Open-webui | 2026-06-23 | 8.3 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file. This vulnerability is fixed in 0.9.6. | ||||
| CVE-2026-27604 | 1 Fossbilling | 1 Fossbilling | 2026-06-23 | N/A |
| FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the cron admin identity, attackers can invoke admin API methods without valid credentials, session, or CSRF token. Version 0.8.0 patches the issue. Some workarounds are available. Block external access to `/api/system/*` at reverse proxy/WAF, restrict API access by trusted source IPs only (`api.allowed_ips`), rotate all admin/client API tokens immediately, invalidate active sessions and reset high-privilege credentials, and/or review API request logs for suspicious `/api/system/` access and treat as potential incident. | ||||
| CVE-2026-56104 | 1 Chainlit | 1 Chainlit | 2026-06-23 | 8.2 High |
| Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the restore_existing_session path to assume a victim's permissions and roles, enabling unauthorized invocation of tools and access to data restricted to the authenticated victim. | ||||