Export limit exceeded: 11025 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42763 | 2 Sepay Team, Wordpress | 2 Sepay Gateway, Wordpress | 2026-05-26 | 6.5 Medium |
| Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20. | ||||
| CVE-2026-32389 | 2 Linethemes, Wordpress | 2 Nanocare, Wordpress | 2026-05-26 | 5.4 Medium |
| Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2. | ||||
| CVE-2026-24638 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121. | ||||
| CVE-2026-24590 | 2 Videowhisper.com, Wordpress | 2 Paid Videochat Turnkey Site, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23. | ||||
| CVE-2026-5146 | 1 Devolutions | 2 Devolutions Server, Server | 2026-05-26 | 4.3 Medium |
| Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : * Devolutions Server 2026.1.6.0 through 2026.1.15.0 * Devolutions Server 2025.3.19.0 and earlier | ||||
| CVE-2026-9486 | 1 Sourcecodester | 1 Student Grades Management System | 2026-05-26 | 4.3 Medium |
| A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-20238 | 1 Splunk | 2 Ai Toolkit, Splunk Ai Toolkit | 2026-05-26 | 6.5 Medium |
| In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles. | ||||
| CVE-2026-8407 | 1 Devolutions | 2 Devolutions Server, Server | 2026-05-26 | 4.3 Medium |
| Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions : * Devolutions Server 2026.1.6.0 through 2026.1.11.0 * Devolutions Server 2025.3.16.0 and earlier | ||||
| CVE-2026-42432 | 1 Openclaw | 1 Openclaw | 2026-05-26 | 7.8 High |
| OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system. | ||||
| CVE-2026-42429 | 1 Openclaw | 1 Openclaw | 2026-05-26 | 7.1 High |
| OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations. | ||||
| CVE-2026-32067 | 1 Openclaw | 1 Openclaw | 2026-05-26 | 3.7 Low |
| OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically accepted in another account in multi-account deployments without explicit approval, bypassing authorization boundaries. | ||||
| CVE-2026-27357 | 2 Cornelraiu, Wordpress | 2 Wp Search Analytics, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0. | ||||
| CVE-2026-45438 | 2 Webtoffee, Wordpress | 2 Smart Coupons For Woocommerce, Wordpress | 2026-05-26 | 7.5 High |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0. | ||||
| CVE-2026-8046 | 1 Codesys | 32 Codesys Control For Beaglebone Sl, Codesys Control For Empc A Imx6 Sl, Codesys Control For Iot2000 Sl and 29 more | 2026-05-26 | 8.1 High |
| The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | ||||
| CVE-2026-43568 | 1 Openclaw | 1 Openclaw | 2026-05-25 | 6.5 Medium |
| OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges. | ||||
| CVE-2026-28557 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-05-25 | 6.5 Medium |
| wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then remap all wpForo usergroups to arbitrary WordPress roles. | ||||
| CVE-2026-33712 | 1 Baptistearno | 1 Typebot.io | 2026-05-25 | 10 Critical |
| Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0. | ||||
| CVE-2026-39966 | 1 Baptistearno | 1 Typebot.io | 2026-05-25 | 6.5 Medium |
| TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter() with an async callback — since filter() is synchronous, the callback always returns a truthy Promise, so the access control predicate is never actually evaluated. Any authenticated Typebot user can read the full definition of any other workspace's private bots, including: all conversation blocks and logic flow, variable values embedded in the bot (credentials, API keys, PII), webhook URLs and integration configurations. This issue has been fixed in version 3.16.0. | ||||
| CVE-2026-47101 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-05-23 | 8.8 High |
| LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin. | ||||
| CVE-2026-47102 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-05-23 | 8.8 High |
| LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw. | ||||