CVE-2026-49072

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud = 7.2.6 versions...

CVE-2026-49057

Unauthenticated Broken Access Control in JobSearch = 3.2.7 versions...

CVE-2026-48797

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

CVE-2026-48616

Rocket.Chat versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rcroomtype=l with rcrid+rctoken, but the authorization path does not verify...

CVE-2026-45436

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

CVE-2026-40722

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

CVE-2026-40726

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...

CVE-2026-39595

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

CVE-2026-24610

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-24611

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-22343

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

CVE-2025-69137

Subscriber Broken Access Control in Genemy = 1.6.6 versions...

CVE-2025-15642

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

CVE-2024-37210

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

CVE-2024-37496

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

CVE-2024-33685

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...

CVE-2024-33909

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...

CVE-2024-32949

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

CVE-2024-24709

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...

CVE-2024-37496

CVE-2024-37496 concerns the WordPress Metro Magazine theme (