CWE-639 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1751 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-38530	2 Krayin, Webkul	2 Laravel-crm, Krayin Crm	2026-04-23	8.1 High
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.
CVE-2026-38532	2 Krayin, Webkul	2 Laravel-crm, Krayin Crm	2026-04-23	8.1 High
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.
CVE-2026-22489	2 Wordpress, Wptexture	2 Wordpress, Image Slider Slideshow	2026-04-23	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through <= 1.8.
CVE-2025-69032	3 Mikado-themes, Qodeinteractive, Wordpress	3 Fivestar, Fivestar, Wordpress	2026-04-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
CVE-2025-69030	3 Mikado-themes, Qodeinteractive, Wordpress	3 Backpack Traveler, Backpack Traveler, Wordpress	2026-04-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
CVE-2025-69029	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through <= 2.5.1.
CVE-2025-68502	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through <= 2.0.20.1.
CVE-2025-68044	2 Rustaurius, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-04-23	8.6 High
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.4.
CVE-2025-67594	3 Elementor, Thimpress, Wordpress	3 Elementor, Thim Elementor Kit, Wordpress	2026-04-23	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
CVE-2025-64282	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks radius-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through <= 2.2.1.
CVE-2025-63053	2 Jeweltheme, Wordpress	2 Master Addons For Elementor, Wordpress	2026-04-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4.
CVE-2025-63043	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
CVE-2025-59562	2 Creativeitem, Wordpress	2 Academy Lms, Wordpress	2026-04-23	5.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.3.4.
CVE-2025-58597	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6.
CVE-2025-58012	1 Wordpress	1 Wordpress	2026-04-23	3.8 Low
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask content-mask allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Mask: from n/a through <= 1.8.5.3.
CVE-2025-57994	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through <= 1.4.0.
CVE-2025-57886	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.30.0.
CVE-2025-54691	2 Stylemix, Wordpress	2 Motors, Wordpress	2026-04-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80.
CVE-2025-53208	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through <= 1.2.0.
CVE-2025-49995			2026-04-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.3.1.

« first previous Page 19 of 88. next last »