
1435 matches found

RedhatCVE
added 2026/01/09 8:36 a.m., 6 views

CVE-2020-12073

The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests...

CVSS 9.1, AI score 6.9, EPSS 0.01581
Exploits: 2, References: 1

Cvelist
added 2026/01/09 6:16 a.m., 26 views

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...

CVSS 6.8, EPSS 0.00129
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:48 a.m., 6 views

CVE-2022-27128

An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...

CVSS 9.8, AI score 6.9, EPSS 0.01119
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16639

An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...

CVSS 9.8, AI score 7.1, EPSS 0.00822
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:19 a.m., 3 views

CVE-2024-2749

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...

CVSS 5.9, AI score 6.8, EPSS 0.0028
Exploits: 2, References: 1

Vulnrichment
added 2026/01/05 10:43 a.m., 2 views

CVE-2025-68850 WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12...

CVSS 7.5, AI score 6.6, EPSS 0.00237
Exploits: 0, References: 1

CNNVD
added 2025/12/30 12:0 a.m., 4 views

WordPress plugin ShopMagic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 1

Cvelist
added 2025/12/16 6:26 p.m., 25 views

CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access

The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...

CVSS 9.9, EPSS 0.00275
Exploits: 0, References: 4

NVD
added 2025/12/09 4:18 p.m., 15 views

CVE-2025-67578

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through = 3.12.4...

CVSS 5.3, EPSS 0.00214
Exploits: 0, References: 1

CVE
added 2025/12/09 2:14 p.m., 14 views

CVE-2025-67589

CVE-2025-67589 affects the WordPress plugin “WooCommerce PDF Invoices & Packing Slips” (woocommerce-pdf-invoices-packing-slips), with vulnerability type Missing/Broken Authorization (broken access control). Affected versions are up to 4.9.1; the issue is caused by incorrectly configured access co...

CVSS 4.3, AI score 6.6, EPSS 0.002
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49999

Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through = 3.6.3...

AI score 7, EPSS 0.00282
Exploits: 0, References: 2

Positive Technologies
added 2025/12/04 12:0 a.m., 4 views

PT-2025-49073

Name of the Vulnerable Software and Affected Versions: platform version 1.0.0. Description: An access control issue exists in the ApiPayController.java component, potentially allowing unauthorized access to sensitive information. The vulnerability is present in platform version 1.0.0. The attack...

CVSS 7.5, AI score 6.3, EPSS 0.00251
Exploits: 0, References: 9

Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-11224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allow...

CVSS 7.7, AI score 5.7, EPSS 0.00313
Exploits: 0, References: 2

CNNVD
added 2025/11/08 12:0 a.m., 3 views

SuiteCRM security vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.7 and earlier and 8.0.0-beta.1 through 8.9.0, which stems from inconsistent access control and could lead to unauthorized data exposure and modification...

CVSS 8.3, AI score 6.4, EPSS 0.00237
Exploits: 0, References: 2

Positive Technologies
added 2025/10/29 12:0 a.m., 3 views

PT-2025-44232

Name of the Vulnerable Software and Affected Versions: Facebook for WooCommerce versions through 3.5.7. Description: A missing authorization issue exists in Facebook for WooCommerce, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Facebook for...

CVSS 5.3, AI score 6.6, EPSS 0.00198
Exploits: 0, References: 5

NVD
added 2025/10/23 10:15 p.m., 8 views

CVE-2025-59273

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.8, EPSS 0.00346
Exploits: 0, References: 1

EUVD
added 2025/10/22 3:31 p.m., 5 views

EUVD-2025-35547

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through = 1.3.3.9...

CVSS 8.2, AI score 6.5, EPSS 0.00279
Exploits: 0, References: 2

Positive Technologies
added 2025/10/10 12:0 a.m., 4 views

PT-2025-41507

Name of the Vulnerable Software and Affected Versions: Samsung DeX versions prior to SMR Oct-2025 Release 1. Description: An improper access control issue exists in the WindowManager component of Samsung DeX. This allows a physically present attacker to temporarily access a list of recently used...

CVSS 2.4, AI score 6.4, EPSS 0.00145
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-2400

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.00203
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-1599

Malware in sbrugna...

CVSS 9.3, AI score 8.2, EPSS 0.00764
Exploits: 0, References: 3