CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8240 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-26374	1 Q-free	1 Maxtime	2025-07-12	6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26995	2 Anton Vanyukov, Wordpress	2 Market Exporter, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.
CVE-2025-27294	2 Platcom, Wordpress	2 Wp-asambleas, Wordpress	2025-07-12	4.8 Medium
Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.
CVE-2025-30017	1 Sap	1 Solution Manager	2025-07-12	4.4 Medium
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.
CVE-2025-30074	1 Parallels	1 Parallels Desktop	2025-07-12	7.8 High
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
CVE-2025-30171	1 Abb	3 Aspect Enterprise, Matrix Series, Nexus Series	2025-07-12	9 Critical
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVE-2025-30592	2 Westerndeal, Wordpress	2 Advanced Dewplayer, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6.
CVE-2025-30741	1 Pixelfed	1 Pixelfed	2025-07-12	4.3 Medium
Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.
CVE-2025-30828	2 Arraytics, Wordpress	2 Timetics, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.
CVE-2025-30853	1 Shortpixel	1 Shortpixel Adaptive Images	2025-07-12	5.4 Medium
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0.
CVE-2025-30881	2 Themehunk, Wordpress	2 Big Store, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8.
CVE-2025-30909	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
CVE-2025-31417	2 Fahad Mahmood, Wordpress	2 Wp Docs, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a.
CVE-2025-31481	1 Api-platform	1 Core	2025-07-12	7.5 High
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.
CVE-2025-31732	1 Gb-plugins	1 Gb Gallery Slideshow	2025-07-12	4.3 Medium
Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3.
CVE-2025-31822	2 Ashish Ajani, Wordpress	2 Wp Simple Html Sitemap, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2.
CVE-2025-31868	1 Joomsky	1 Js Job Manager	2025-07-12	5.3 Medium
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-31877	2 Magnigenie, Wordpress	2 Restropress, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4.
CVE-2024-10813	1 Codeastrology	1 Woo Product Table	2025-07-12	5.3 Medium
The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.
CVE-2024-10542	1 Cleantalk	2 Anti-spam, Antispam	2025-07-12	9.8 Critical
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

« first previous Page 94 of 412. next last »