CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 6/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-03-05
Medium

CVE-2026-27344

Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <=…

CVSS: 5.9 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-23799

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-22479

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submiss…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-22459

Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69340

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the `deleteFile()` method in the `Uploader` c…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2026-03-04
High

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in…

CVSS: 7.2 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
Medium

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-1980

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2026-03-03
Critical

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs.…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-3342

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.…

CVSS: 7.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
2026-03-02
Medium

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2026-02-28
Medium

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-28554

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exp…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2026-02-27
High

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration f…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify an…

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and pr…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-0871

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes.…

CVSS: 4.9 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2026-02-26
Medium

CVE-2026-3268

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttribute…

CVSS: 5.4 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-28217

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — includi…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2026-02-25
Medium

CVE-2026-3209

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2026-02-24
Medium

CVE-2026-3131

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leadin…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-63409

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2026-02-23
Medium

CVE-2026-2698

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2026-2983

A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Impor…

CVSS: 7.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2026-02-22
High

CVE-2026-2938

A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulatio…

CVSS: 7.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2026-02-20
Critical

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authe…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2026-2038

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authen…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-2851

A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repo…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-2850

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\s…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-2849

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repo…

CVSS: 5.4 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-24946

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-24944

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-24941

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a throu…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-22351

Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar:…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-22350

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Le…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69393

Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4.

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-69388

Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-69385

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartif…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69381

Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69303

Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Frame…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69298

Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69297

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a t…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-69063

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n…

CVSS: 8.6 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68837

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Co…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-68834

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Contro…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68564

Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68542

Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checko…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68534

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-68069

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68050

Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-68048

Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lit…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <=…

CVSS: 7.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68042

Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a thr…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68032

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68028

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68026

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68025

Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68024

Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify –…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68023

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issu…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-68022

Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin…

CVSS: 7.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68021

Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a throu…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68005

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-68000

Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-67994

Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <=…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67993

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a throug…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-67977

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a…

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67975

Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-67974

Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a throu…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67973

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Ph…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67972

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67970

Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a…

CVSS: 5.9 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67969

Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67624

Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-67547

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-53217

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-54222

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-43228

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-34438

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workf…

CVSS: 6.3 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2025-30416

Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (L…

CVSS: 10.0 CWE: CWE-862 - Missing Authorization View on NVD
2026-02-19
High

CVE-2026-21535

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2026-27387

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27368

Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27328

Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user wit…

CVSS: 8.1 CWE: CWE-283 - Unverified Ownership View on NVD
Medium

CVE-2026-27092

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27066

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securit…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27056

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <=…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27055

Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartCont…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-27042

Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a throu…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-26358

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to U…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25473

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25459

Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25441

Missing Authorization vulnerability in varunvairavanlc LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a t…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2026-25423

Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3…

CVSS: 3.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25420

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: f…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25419

Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a t…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25415

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25412

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a th…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25410

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25409

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deploym…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25408

Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifi…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25407

Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25404

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thr…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25402

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Level…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25399

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider:…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25395

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a throug…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25394

Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25393

Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25391

Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25388

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optim…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-25386

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD