CWE-86 CVEs and Security Vulnerabilities

Export limit exceeded: 326181 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8814 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69300	2 Leap13, Wordpress	2 Premium Addons For Elementor, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.
CVE-2025-69188	2 E-plugins, Wordpress	2 Fitness Trainer, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.
CVE-2025-69187	2 E-plugins, Wordpress	2 Final User, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69186	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69185	1 Wordpress	1 Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2026-24544	2 Harmonicdesign, Wordpress	2 Hd Quiz, Wordpress	2026-01-27	4.3 Medium
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
CVE-2026-24543	1 Wordpress	1 Wordpress	2026-01-27	4.3 Medium
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
CVE-2026-24541	2 Mkscripts, Wordpress	2 Download After Email, Wordpress	2026-01-27	5.3 Medium
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
CVE-2026-24540	2 Prince, Wordpress	2 Integrate Google Drive, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.
CVE-2025-69181	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.
CVE-2025-69095	2 Designthemes, Wordpress	2 Reservation Plugin, Wordpress	2026-01-27	6.5 Medium
Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.
CVE-2025-69052	2 Fmeaddons, Wordpress	2 Registration And Login With Mobile Phone Number For Woocommerce, Wordpress	2026-01-27	9.8 Critical
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
CVE-2025-66140	2 Merkulove, Wordpress	2 Uper For Elementor, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2025-58938	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2026-01-27	7.6 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2023-29240	1 F5	1 Big-iq Centralized Management	2026-01-27	5.4 Medium
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-23419	3 Debian, F5, Redhat	4 Debian Linux, Nginx, Nginx Plus and 1 more	2026-01-27	4.3 Medium
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-24534	1 Wordpress	1 Wordpress	2026-01-26	8.8 High
Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.
CVE-2026-24524	1 Wordpress	1 Wordpress	2026-01-26	8.1 High
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.
CVE-2025-66138	2 Merkulove, Wordpress	2 Motionger For Elementor, Wordpress	2026-01-26	8.8 High
Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.
CVE-2025-66137	2 Merkulove, Wordpress	2 Searcher For Elementor, Wordpress	2026-01-26	8.8 High
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.

« first previous Page 32 of 441. next last »