Latest CVE Feed
-
4.3
MEDIUMCVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on whic... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2026-24571
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24327
Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confident... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24569
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-36410
IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.... Read more
Affected Products : applinx- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24985
Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-67857
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading ... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2026-1051
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function... Read more
Affected Products : newsletter- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-24535
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Vide... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24544
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.... Read more
Affected Products : hd_quiz- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15395
IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.... Read more
Affected Products : jazz_foundation- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-25934
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially c... Read more
Affected Products : go-git- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2026-24636
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.10.1.... Read more
Affected Products : sugar_calendar- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-23683
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-23688
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-67626
Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-24521
Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-15376
The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_for_comments' and 'delete_stopwords_for_comments' function... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-1082
The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in `inc/settings-page.php`. This makes it possible for... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization