Search Results (8420 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0158 1 Google 1 Android 2026-06-17 3.3 Low
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-46802 1 Oracle 1 Webcenter Portal 2026-06-17 9.9 Critical
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2026-46772 1 Oracle 1 Application Development Framework 2026-06-17 4.7 Medium
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N).
CVE-2026-48783 1 Gitroomhq 1 Postiz-app 2026-06-17 4.8 Medium
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The endpoint, /public/modify-subscription, could not change the persisted subscription tier, but it did execute enforcement-related side effects on the caller's own organization, including adjusting team-member enablement state, disabling integrations exceeding the asserted plan's limits, and resetting the scheduled-post cron when the asserted plan was the free tier. Impact is limited to the attacker's own organization and cannot be redirected at other tenants through this endpoint. This issue has been fixed in version 2.21.8.
CVE-2026-0133 1 Google 1 Android 2026-06-17 7.8 High
In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-24611 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-39595 2 Boldgrid, Wordpress 2 W3 Total Cache, Wordpress 2026-06-17 4.7 Medium
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
CVE-2026-40723 2 Bricks, Wordpress 2 Bricks Builder, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
CVE-2026-24575 2 Wishlist Member, Wordpress 2 Wishlist Member X, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2024-32949 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-06-17 8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909 2 Avirtum, Wordpress 2 Ipages Flipbook, Wordpress 2026-06-17 5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
CVE-2026-26237 2 Qnap, Qnap Systems 2 Qumagie, Qumagie 2026-06-17 7.5 High
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
CVE-2026-26236 2 Qnap, Qnap Systems 2 Qumagie, Qumagie 2026-06-17 7.5 High
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
CVE-2026-53851 1 Openclaw 1 Openclaw 2026-06-16 5.3 Medium
OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.
CVE-2026-53844 1 Openclaw 1 Openclaw 2026-06-16 6.5 Medium
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.
CVE-2026-53850 1 Openclaw 1 Openclaw 2026-06-16 5.5 Medium
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.
CVE-2026-34892 2 Rank Math Seo, Wordpress 2 Rank Math Seo, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2026-39584 2 Webful Creations, Wordpress 2 Repairbuddy, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.