Export limit exceeded: 334660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334660 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68026 | 2 Niaj Morshed, Wordpress | 2 Lc Wizard, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1. | ||||
| CVE-2025-68024 | 2 Addonify, Wordpress | 2 Addonify – Woocommerce Wishlist, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15. | ||||
| CVE-2025-68022 | 2 Soporteblue, Wordpress | 2 Plugin Bluex For Woocommerce, Wordpress | 2026-02-24 | 6.3 Medium |
| Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6. | ||||
| CVE-2025-68005 | 2 Themewant, Wordpress | 2 Easy Hotel Booking, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7. | ||||
| CVE-2025-68000 | 2 Pickplugins, Wordpress | 2 Testimonial Slider, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||
| CVE-2025-67997 | 2 Boldthemes, Wordpress | 2 Travelicious, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7. | ||||
| CVE-2025-67993 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1. | ||||
| CVE-2025-67977 | 2 Villatheme, Wordpress | 2 Happy, Wordpress | 2026-02-24 | 8.2 High |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8. | ||||
| CVE-2025-67974 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Legal Pages | 2026-02-24 | 7.5 High |
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. | ||||
| CVE-2025-67970 | 2 Vertim, Wordpress | 2 Schedula, Wordpress | 2026-02-24 | 5.3 Medium |
| Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0. | ||||
| CVE-2025-67624 | 2 Arya Dhiratara, Wordpress | 2 Optimize More! – Images, Wordpress | 2026-02-24 | 6.5 Medium |
| Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3. | ||||
| CVE-2025-46320 | 2026-02-24 | 6.1 Medium | ||
| A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. | ||||
| CVE-2026-27205 | 2 Pallets, Palletsprojects | 2 Flask, Flask | 2026-02-24 | 4.3 Medium |
| Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The severity and risk depend on the application being hosted behind a caching proxy that doesn't ignore responses with cookies, not setting a Cache-Control header to mark pages as private or non-cacheable, and accessing the session in a way that only touches keys without reading values or mutating the session. The issue has been fixed in version 3.1.3. | ||||
| CVE-2026-21420 | 1 Dell | 1 Repository Manager | 2026-02-24 | 7.3 High |
| Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges. | ||||
| CVE-2026-2778 | 2026-02-24 | 7.5 High | ||
| Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2764 | 2026-02-24 | 7.5 High | ||
| JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2757 | 2026-02-24 | 7.5 High | ||
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-24241 | 2026-02-24 | 4.3 Medium | ||
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2026-23859 | 2026-02-24 | 2.7 Low | ||
| Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass. | ||||
| CVE-2026-23858 | 2026-02-24 | 5.4 Medium | ||
| Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection. | ||||