682 matches found
ZimaOS - Authentication Bypass
ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...
CVE-2026-57352
CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (
CVE-2026-56029
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
EUVD-2026-39692
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56029
CVE-2026-56029 affects the WordPress CorvusPay WooCommerce Payment Gateway plugin ≤ 2.7.4. It is described as an Unauthenticated Broken Authentication vulnerability. The CVSS 3.1 base score is 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality or availability impac...
CVE-2026-56237
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
CVE-2026-56237
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2026-37640
Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...
EUVD-2026-37614
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
EUVD-2026-37609
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
EUVD-2026-37666
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
CVE-2026-54802
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49071
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
CVE-2026-42629
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
CVE-2026-25439
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...