Search Results (11815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23545 2 Arubadev, Wordpress 2 Aruba Hispeed Cache, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.
CVE-2026-23547 2 Cmsmasters, Wordpress 2 Cmsmasters Content Composer, Wordpress 2026-04-16 7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-23804 2 Bbr Plugins, Wordpress 2 Better Business Reviews, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-25318 2 Wisernotify Team, Wordpress 2 Wiserreview Product Reviews For Woocommerce, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25321 2 Psm Plugins, Wordpress 2 Supportcandy, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
CVE-2026-25386 2 Elementor, Wordpress 2 Ally, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.
CVE-2026-25388 2 Scripteo, Wordpress 2 Ads Pro, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25395 2 Ikreatethemes, Wordpress 2 Business Roy, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.
CVE-2026-25407 2 Cookiebot, Wordpress 2 Cookiebot, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
CVE-2026-25408 2 Pluginrx, Wordpress 2 Broken Link Notifier, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.
CVE-2026-25416 2 Blazethemes, Wordpress 2 News Kit Elementor Addons, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
CVE-2026-25473 2 Aa-team, Wordpress 2 Wzone, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27055 2 Pencidesign, Wordpress 2 Penci Ai Smartcontent Creator, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-26336 1 Hyland 3 Alfresco Community, Alfresco Content Services, Alfresco Enterprise 2026-04-16 7.5 High
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
CVE-2026-27327 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail – Woocommerce Email Customizer 2026-04-16 4.3 Medium
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
CVE-2026-27368 2 Seedprod, Wordpress 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-27387 2 Designinvento, Wordpress 2 Directorypress, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-24944 2 Wedevs, Wordpress 2 Subscribe2, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
CVE-2026-22765 1 Dell 1 Wyse Management Suite 2026-04-16 8.8 High
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-26741 1 Dronecode 1 Px4 Drone Autopilot 2026-04-16 8.1 High
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage