Total: 6596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1786 | | | 2026-02-11 | N/A | 6.5 MEDIUM |
| The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu. | |||||
| CVE-2026-1833 | | | 2026-02-11 | N/A | 5.3 MEDIUM |
| The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to block and unblock phone numbers, which should be restricted to administrators. | |||||
| CVE-2026-1748 | | | 2026-02-11 | N/A | 4.3 MEDIUM |
| The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve invoice clients, invoice items, and list of WordPress users along with their emails. | |||||
| CVE-2026-25609 | | | 2026-02-10 | N/A | 5.4 MEDIUM |
| Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. | |||||
| CVE-2026-0817 | 1 Wikimedia | 1 Campaignevents | 2026-02-10 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse. This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39. | |||||
| CVE-2026-1897 | 1 Wekan Project | 1 Wekan | 2026-02-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to version 8.21 can resolve this issue. The patch is identified as 55576ec17722db094835470b386162c9a662fb60. It is advisable to upgrade the affected component. | |||||
| CVE-2025-15289 | 1 Tanium | 1 Interact | 2026-02-10 | N/A | 3.1 LOW |
| Tanium addressed an improper access controls vulnerability in Interact. | |||||
| CVE-2025-15330 | 1 Tanium | 1 Deploy | 2026-02-10 | N/A | 8.8 HIGH |
| Tanium addressed an improper input validation vulnerability in Deploy. | |||||
| CVE-2025-15327 | 1 Tanium | 1 Deploy | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an improper access controls vulnerability in Deploy. | |||||
| CVE-2025-15326 | 1 Tanium | 1 Patch | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an improper access controls vulnerability in Patch. | |||||
| CVE-2026-24322 | | | 2026-02-10 | N/A | 7.7 HIGH |
| SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability. | |||||
| CVE-2026-0486 | | | 2026-02-10 | N/A | 5.0 MEDIUM |
| In ABAP-based SAP systems, a remote-enabled function module does not perform necessary authorization checks for an authenticated user, resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted. | |||||
| CVE-2026-24326 | | | 2026-02-10 | N/A | 4.3 MEDIUM |
| Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table. This results in low impact on integrity, with no impact on confidentiality or availability of the application. | |||||
| CVE-2026-0488 | | | 2026-02-10 | N/A | 9.9 CRITICAL |
| An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability. | |||||
| CVE-2026-23688 | | | 2026-02-10 | N/A | 4.3 MEDIUM |
| SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity; confidentiality and availability are not impacted. | |||||
| CVE-2026-1722 | | | 2026-02-10 | N/A | 5.3 MEDIUM |
| The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm-refund-requests-form` AJAX controller. This makes it possible for unauthenticated attackers to create arbitrary refund requests for any order ID and item ID, potentially leading to financial loss if automatic refund approval is enabled in the plugin settings. | |||||
| CVE-2026-24312 | | | 2026-02-10 | N/A | 5.2 MEDIUM |
| An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application. | |||||
| CVE-2026-0509 | | | 2026-02-10 | N/A | 9.6 CRITICAL |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application. | |||||
| CVE-2026-25808 | | | 2026-02-10 | N/A | 7.5 HIGH |
| Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2. | |||||
| CVE-2026-24327 | | | 2026-02-10 | N/A | 4.3 MEDIUM |
| Due to a missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability. | |||||
