CWE-86 CVEs and Security Vulnerabilities

Export limit exceeded: 10785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10785 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-42377	2 Brainstormforce, Wordpress	2 Sureforms, Wordpress	2026-04-29	7.3 High
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.
CVE-2026-42431	1 Openclaw	1 Openclaw	2026-04-29	8.1 High
OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.
CVE-2026-42429	1 Openclaw	1 Openclaw	2026-04-29	7.1 High
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.
CVE-2026-42422	1 Openclaw	1 Openclaw	2026-04-29	8.8 High
OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.
CVE-2025-22285			2026-04-29	N/A
Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15.
CVE-2025-22287			2026-04-29	5.4 Medium
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.11.
CVE-2026-40778	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.2.
CVE-2026-40786	2 Long Watch Studio, Wordpress	2 Myrewards, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <= 5.7.3.
CVE-2026-40742	2 Neliosoftware, Wordpress	2 Nelio Ab Testing, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8.
CVE-2026-40728	2 Blockart, Wordpress	2 Magazine Blocks, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3.
CVE-2026-40729	2 Bplugins, Wordpress	2 3d Viewer – Embed 3d Models, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5.
CVE-2026-39701	2 Andrew, Wordpress	2 Shopwp, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.
CVE-2026-39704	2 Nfusionsolutions, Wordpress	2 Precious Metals Automated Product Pricing – Pro, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5.
CVE-2026-39706	2 Netro Systems, Wordpress	2 Make My Trivia, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.
CVE-2026-39713	2 Mailercloud, Wordpress	2 Mailercloud – Integrate Webforms And Synchronize Website Contacts, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.
CVE-2026-39700	2 Wordpress, Wpxpo	2 Wordpress, Wowoptin	2026-04-29	5.3 Medium
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.
CVE-2026-39689	2 Eshipper, Wordpress	2 Eshipper Commerce, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39716	2 Ckthemes, Wordpress	2 Flipmart, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.
CVE-2026-39698	2 Publisherdesk, Wordpress	2 The Publisher Desk Ads.txt, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39697	2 Hbss Technologies, Wordpress	2 Maio – The New Ai Geo / Seo Tool, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8.

« first previous Page 13 of 540. next last »