Lucene search
K

2904 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43292

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...

4.3CVSS6.1AI score0.00132EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-57404

CVE-2026-57404 is a Missing Authorization / Broken Access Control vulnerability affecting the WordPress plugin Booking and Rental Manager for WooCommerce (versions up to 2.6.9). The issue arises from incorrectly configured access control security levels in Booking and Rental Manager, allowing una...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday82 views

AntD Admin - Sensitive Information Disclosure

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...

7.5CVSS6.9AI score0.04305EPSS
Exploits1References3
CVE
CVE
added 2 days ago13 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
NVD
NVD
added 4 days ago8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 4 days ago11 views

CVE-2026-21050

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-15188

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago27 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

0.00448EPSS
Exploits0References4
NVD
NVD
added last week10 views

CVE-2026-48956

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42065

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check

Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...

5.3CVSS0.002EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 2:54 a.m.13 views

CVE-2026-34047

CVE-2026-34047 affects Coolify prior to 4.0.0-beta.471. The flaw is in terminal WebSocket bootstrap routes where authorization middleware was not enforced, allowing an authenticated user to access terminal functionality for resources outside the authorized scope and potentially execute commands. ...

9.9CVSS6AI score0.00373EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/05 2:38 p.m.10 views

EUVD-2026-41765

Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from =0.5.1 before 0.7.0...

8.8CVSS5.9AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/04 12:5 p.m.11 views

EUVD-2026-41671

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.11 views

CVE-2026-58282

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28740

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.36 views

CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.33 views

CVE-2026-55118

A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application...

8.3CVSS0.00195EPSS
Exploits0References1
Rows per page
Query Builder