CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8928 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-1148	1 Sourcecodester	1 Patients Waiting Area Queue Management System	2026-01-20	4.3 Medium
A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely.
CVE-2025-49925	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2026-01-20	7.3 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2025-49922	2 Etruel, Wordpress	2 Wpematico Rss Feed Fetcher, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2026-23875	1 Crawlchat	1 Crawlchat	2026-01-20	N/A
CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base. Usually, admin / mods of a Discord guild use the `jigsaw` emoji to save a specific message (chain) onto the collection's knowledge base of CrawlChat. Unfortunately an permission check (for e.g. MANAGE_SERVER; MANAGE_MESSAGES etc.) was not done, allowing normal users of the guild to information to the knowledge base. With targeting specific parts that are commonly asked, users can manipulate the content given out by the bot (on all integrations), to e.g. redirect users to a malicious site, or send information to a malicious user. Version 0.0.8 patches the issue.
CVE-2025-43904	1 Schedmd	1 Slurm	2026-01-20	4.2 Medium
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2026-1007	1 Devolutions	1 Devolutions Server	2026-01-20	7.6 High
Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.
CVE-2026-0676	1 Wordpress	1 Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.
CVE-2026-0674	2 Campaign Monitor, Wordpress	2 For Wordpress, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0.
CVE-2025-69364	2 Cloudways, Wordpress	2 Breeze, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.
CVE-2025-69363	2 Cyberchimps, Wordpress	2 Responsive Addons For Elementor, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
CVE-2025-69361	2 Publishpress, Wordpress	2 Post Expirator, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.
CVE-2025-69359	2 Wordpress, Wpfunnels	2 Wordpress, Creator Lms	2026-01-20	5.3 Medium
Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.
CVE-2025-69355	2 Tickera, Wordpress	2 Tickera, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.
CVE-2025-69354	1 Wordpress	1 Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2025-69353	1 Wordpress	1 Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3.
CVE-2025-69352	2 Stellarwp, Wordpress	2 The Events Calendar, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.
CVE-2025-69349	2 Fahadmahmood, Wordpress	2 Rss Feed Widget, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.
CVE-2025-69348	2 Coolhappy, Wordpress	2 The Events Calendar Countdown Addon, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.15.
CVE-2025-69346	1 Wordpress	1 Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through <= 1.3.9.3.
CVE-2025-69345	2 Boldgrid, Wordpress	2 Post And Page Builder, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.

« first previous Page 3 of 447. next last »