Total: 6607 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1734 | | | 2026-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13348 | | | 2026-02-03 | N/A | N/A |
| An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information. | |||||
| CVE-2026-1431 | | | 2026-02-03 | N/A | 5.3 MEDIUM |
| The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information including customer names, phones and emails. | |||||
| CVE-2025-15510 | | | 2026-02-03 | N/A | 5.3 MEDIUM |
| The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configurations, that may include sensitive data, such as email addresses, PayPal API credentials, and third-party integration keys by enumerating the nex_forms_Id parameter. | |||||
| CVE-2026-1745 | | | 2026-02-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1751 | | | 2026-02-03 | N/A | 3.1 LOW |
| A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions. | |||||
| CVE-2026-25016 | | | 2026-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5. | |||||
| CVE-2026-25036 | | | 2026-02-03 | N/A | N/A |
| Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Passster: from n/a through <= 4.2.25. | |||||
| CVE-2026-25020 | | | 2026-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sync for Notion: from n/a through <= 1.7.0. | |||||
| CVE-2026-25011 | | | 2026-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41. | |||||
| CVE-2026-25028 | | | 2026-02-03 | N/A | N/A |
| Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.1. | |||||
| CVE-2026-24984 | | | 2026-02-03 | N/A | N/A |
| Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Link Preview: from n/a through <= 2.2.9. | |||||
| CVE-2025-49181 | 1 Sick | 1 Media Server | 2026-02-03 | N/A | 8.6 HIGH |
| Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack. | |||||
| CVE-2025-62972 | 1 Webinarpress | 1 Webinarpress | 2026-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through <= 1.33.28. | |||||
| CVE-2025-67540 | | | 2026-02-02 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5. | |||||
| CVE-2025-66079 | | | 2026-02-02 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse Form: from n/a through <= 2.2.0. | |||||
| CVE-2025-66071 | | | 2026-02-02 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0. | |||||
| CVE-2026-23721 | 1 Openproject | 1 Openproject | 2026-02-02 | N/A | 4.3 MEDIUM |
| OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, due to a failed permission check, if a user had the View Members permission in any project, they could enumerate all Groups and view which other users are part of the group. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No known workarounds are available. | |||||
| CVE-2021-47812 | 1 Getgrav | 1 Grav | 2026-02-02 | N/A | 9.8 CRITICAL |
| GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution. | |||||
| CVE-2025-11669 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2026-02-02 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. | |||||
