Search Results (602 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-42378 2 Themeisle, Wordpress 2 Wp Full Stripe Free, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
CVE-2026-42411 2 Wordpress, Xserver 2 Wordpress, Cloudsecure Wp Security 2026-06-23 8.1 High
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
CVE-2026-12225 1 Syracom 3 Secure Login (2fa) For Bitbucket, Secure Login (2fa) For Confluence, Secure Login (2fa) For Jira 2026-06-23 N/A
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containing specific strings such as AtlassianMobileApp or JIRA. When such a User-Agent is present, the plugin does not enforce the configured 2FA checks for protected web resources. Successful exploitation allows the attacker to access the affected Atlassian application as the compromised user without completing 2FA. If the compromised account has administrative privileges, the attacker can access administrative functionality and may disable the 2FA plugin or make arbitrary administrative changes. The issue is fixed in version 3.5.0.0.
CVE-2019-25763 2 Ultimatebeaver, Wordpress 2 Ultimate Addons For Beaver Builder, Wordpress 2026-06-22 9.8 Critical
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
CVE-2026-54804 2 Melhorenvio, Wordpress 2 Melhor Envio, Wordpress 2026-06-20 7.6 High
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
CVE-2026-50194 1 Steeltoeoss 2 Steeltoe.management.endpoint, Steeltoe.management.endpointcore 2026-06-20 8.2 High
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. Versions 3.4.0 and 4.2.0 patch the issue. If an immediate upgrade to a patched version is not possible, add explicit ASP.NET Core authorization (`RequireAuthorization`) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation and/or configure the reverse proxy or load balancer to enforce the `Host` header value and prevent clients from setting an arbitrary port.
CVE-2026-20079 1 Cisco 1 Secure Firewall Management Center 2026-06-18 10 Critical
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
CVE-2026-49071 2 Opmc, Wordpress 2 Woocommerce Dropshipping, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-25439 2 Fs-code, Wordpress 2 Booknetic, Wordpress 2026-06-17 8.1 High
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-49767 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-17 9.8 Critical
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-1603 1 Ivanti 1 Endpoint Manager 2026-06-17 8.6 High
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
CVE-2026-42629 2026-06-17 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-34040 2 Docker, Moby 2 Engine, Moby 2026-06-16 8.8 High
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
CVE-2026-40790 2 Veronalabs, Wordpress 2 Wp Sms, Wordpress 2026-06-16 6.5 Medium
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
CVE-2026-48970 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-06-16 8.1 High
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-40781 2 Reviewx, Wordpress 2 Reviewx, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVE-2026-49764 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-06-16 9.8 Critical
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
CVE-2026-42668 2026-06-16 7.5 High
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
CVE-2026-40799 2026-06-15 5.8 Medium
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVE-2026-39450 2026-06-15 7.1 High
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.