CVE-2025-68045

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

CVE-2026-40809

CVE-2026-40809 concerns the WordPress Metro Magazine theme (versions

EUVD-2026-37058

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

CVE-2026-40809 WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

EUVD-2026-37052

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

CVE-2026-54190

CVE-2026-54190 : Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5 . The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...

CVE-2026-52714

CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions

CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

EUVD-2026-37050

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

CVE-2026-52711 WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

EUVD-2026-37048

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

CVE-2026-39490

The CVE-2026-39490 entry concerns the WordPress JupiterX Core plugin, affected at versions

CVE-2026-39490 WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

EUVD-2025-210166

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

CVE-2025-68045 WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...

Adobe ColdFusion - Access Control Bypass

There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrato...