CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8879 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-14986	1 Temporal	1 Temporal	2026-01-05	N/A
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authorized for one namespace to bypass that namespace's limits/policies by setting the embedded start request's namespace to a different namespace. The workflow is still created in the outer (authorized) namespace; only validation/gating is performed under the wrong namespace context. This issue affects Temporal: from 1.24.0 through 1.29.1. Fixed in 1.27.4, 1.28.2, 1.29.2.
CVE-2025-14987	1 Temporal	1 Temporal	2026-01-05	N/A
When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution) to target a different namespace than the namespace authorized at the gRPC boundary. The frontend authorizes RespondWorkflowTaskCompleted based on the outer request namespace, but the history service later resolves and executes the command using the namespace embedded in command attributes without authorizing the caller for that target namespace. This can allow a worker authorized for one namespace to create, signal, or cancel workflows in another namespace. This issue affects Temporal: through 1.29.1. Fixed in 1.27.4, 1.28.2, 1.29.2.
CVE-2025-63022	2 Illia, Wordpress	2 Simple Like Page, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Illia Simple Like Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through 1.5.3.
CVE-2025-62150	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0.6.
CVE-2025-62141	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5.
CVE-2025-62092	2 Wiremo, Wordpress	2 Wiremo, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through 1.4.99.
CVE-2025-63031	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1.
CVE-2025-62755	2 Gsplugins, Wordpress	2 Gs Portfolio For Envato, Wordpress	2026-01-05	5.3 Medium
Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.
CVE-2025-62154	2 Recorp, Wordpress	2 Ai Content Writing Assistant, Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One: from n/a through 1.1.7.
CVE-2025-62079	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through 1.0.3.
CVE-2025-62122	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through 1.9.1.
CVE-2025-62129	2 Magnigenie, Wordpress	2 Restropress, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through 3.2.4.2.
CVE-2025-62747	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.
CVE-2025-49338	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5.
CVE-2025-62116	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7.
CVE-2025-63016	2 Quadlayers, Wordpress	2 Tiktok Feed, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Quadlayers QuadLayers TikTok Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through 4.6.4.
CVE-2023-52642	2 Debian, Linux	2 Debian Linux, Linux Kernel	2026-01-05	7.8 High
In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN.
CVE-2025-62078	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0.
CVE-2025-63038	2 Northern Beaches Websites, Wordpress	2 Wp Custom Admin Interface, Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40.
CVE-2025-66155	2 Merkulove, Wordpress	2 Questionar For Elementor, Wordpress	2026-01-05	5.4 Medium
Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7.

« first previous Page 12 of 444. next last »