CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11337 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-54415			2026-06-17	8.1 High
Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).
CVE-2026-54810			2026-06-17	7.5 High
Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1.
CVE-2025-69189			2026-06-17	7.3 High
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.
CVE-2024-24709	2 Shareaholic, Wordpress	2 Shareaholic, Wordpress	2026-06-17	4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-32967	1 Apache	1 Dolphinscheduler	2026-06-17	6.5 Medium
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-32966			2026-06-17	7.5 High
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-24611	2 Wordpress, Wpmet	2 Wordpress, Metform Pro	2026-06-17	9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610	2 Wordpress, Wpmet	2 Wordpress, Metform Pro	2026-06-17	4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-39595	2 Boldgrid, Wordpress	2 W3 Total Cache, Wordpress	2026-06-17	4.7 Medium
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
CVE-2026-45436			2026-06-17	6.5 Medium
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2024-37210			2026-06-17	6.5 Medium
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
CVE-2026-40723	2 Bricks, Wordpress	2 Bricks Builder, Wordpress	2026-06-17	4.3 Medium
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
CVE-2026-11858			2026-06-17	N/A
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.
CVE-2026-54803			2026-06-17	9.8 Critical
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54802			2026-06-17	7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2024-33685			2026-06-17	4.3 Medium
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.
CVE-2026-49081			2026-06-17	8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
CVE-2026-24575	2 Wishlist Member, Wordpress	2 Wishlist Member X, Wordpress	2026-06-17	4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2024-32949	2 Prince, Wordpress	2 Integrate Google Drive, Wordpress	2026-06-17	8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909	2 Avirtum, Wordpress	2 Ipages Flipbook, Wordpress	2026-06-17	5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.

« first previous Page 4 of 567. next last »