CWE-862 CVEs and Security Vulnerabilities

Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7893 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-23547	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-04-16	7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-23804	2 Bbr Plugins, Wordpress	2 Better Business Reviews, Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-25318	2 Wisernotify Team, Wordpress	2 Wiserreview Product Reviews For Woocommerce, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25321	2 Psm Plugins, Wordpress	2 Supportcandy, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
CVE-2026-25386	2 Elementor, Wordpress	2 Ally, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.
CVE-2026-25388	2 Scripteo, Wordpress	2 Ads Pro, Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25395	2 Ikreatethemes, Wordpress	2 Business Roy, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.
CVE-2026-25407	2 Cookiebot, Wordpress	2 Cookiebot, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
CVE-2026-25408	2 Pluginrx, Wordpress	2 Broken Link Notifier, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.
CVE-2026-25416	2 Blazethemes, Wordpress	2 News Kit Elementor Addons, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
CVE-2026-25473	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27055	2 Pencidesign, Wordpress	2 Penci Ai Smartcontent Creator, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-27327	2 Wordpress, Yaycommerce	2 Wordpress, Yaymail – Woocommerce Email Customizer	2026-04-16	4.3 Medium
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
CVE-2026-27368	2 Seedprod, Wordpress	2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-27387	2 Designinvento, Wordpress	2 Directorypress, Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-24944	2 Wedevs, Wordpress	2 Subscribe2, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
CVE-2026-22765	1 Dell	1 Wyse Management Suite	2026-04-16	8.8 High
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-26741	1 Dronecode	1 Px4 Drone Autopilot	2026-04-16	8.1 High
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage
CVE-2026-30970	2 Coral-protocol, Coralos	2 Coral-server, Coral Server	2026-04-16	9.1 Critical
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.
CVE-2026-3582	1 Github	1 Enterprise Server	2026-04-16	4.3 Medium
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user must have had existing access to the repository through organization membership or as a collaborator for the vulnerability to be exploitable. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.16.15, 3.17.12, 3.18.6 and 3.19.3. This vulnerability was reported via the GitHub Bug Bounty program.

« first previous Page 166 of 395. next last »