Total
6618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49376 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9. | |||||
| CVE-2025-49356 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0. | |||||
| CVE-2025-49350 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3. | |||||
| CVE-2025-49349 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0. | |||||
| CVE-2025-49348 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through <= 1.0.5. | |||||
| CVE-2025-49339 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0. | |||||
| CVE-2025-49338 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5. | |||||
| CVE-2025-49041 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3. | |||||
| CVE-2025-48096 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0. | |||||
| CVE-2025-46255 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | |||||
| CVE-2025-39561 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | |||||
| CVE-2025-39465 | 2026-01-20 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | |||||
| CVE-2025-31046 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29. | |||||
| CVE-2025-30944 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23. | |||||
| CVE-2025-22715 | 2026-01-20 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | |||||
| CVE-2025-14360 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15. | |||||
| CVE-2025-14358 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5. | |||||
| CVE-2024-24844 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6. | |||||
| CVE-2024-58337 | 1 Akuvox | 26 C313w-2, C313w-2 Firmware, E16c and 23 more | 2026-01-16 | N/A | 4.3 MEDIUM |
| Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities. | |||||
| CVE-2023-54327 | 1 Tinycontrol | 2 Lan Controller, Lan Controller Firmware | 2026-01-16 | N/A | 9.8 CRITICAL |
| Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials. | |||||