8 matches found

EUVD
added 7 hours ago, 3 views

EUVD-2026-38659

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...

CVSS 5.3, AI score 6
Exploits 0, References 3

EUVD
added 6 days ago, 8 views

EUVD-2026-37912

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9, AI score 5.3, EPSS 0.003
Exploits 0, References 4

CNNVD
added 2026/03/21 12:00 a.m., 6 views

WordPress plugin e-shot form builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 5.3, AI score 5.8, EPSS 0.00231
Exploits 0, References 5

ATTACKERKB
added 2026/02/03 11:33 a.m., 3 views

CVE-2025-11598

In the mObywatel iOS application, an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view...

CVSS 1, AI score 5.4, EPSS 0.00151
Exploits 0, References 3

EUVD
added 2025/10/25 12:30 a.m., 4 views

EUVD-2025-35899

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...

CVSS 8.6, AI score 6.3, EPSS 0.0038
Exploits 0, References 5

RedhatCVE
added 2025/05/22 11:22 p.m., 2 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to gain access to sensitive account information via an insecure password policy...

CVSS 7.5, AI score 7, EPSS 0.00783
Exploits 2, References 1

BDU FSTEC
added 2021/12/20 12:00 a.m., 3 views

The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that user credentials are stored as plain-text files in log files. This allows attackers to gain unauthorized access to the protected information.

The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that account data is stored as plain-text files in log files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 5.5, AI score 5.9, EPSS 0.00212
Exploits 0, References 4, Affected Software 1

CNVD
added 2018/01/10 12:00 a.m., 1 view

Parity Ethereum client JSON-RPC misconfiguration vulnerability

Parity Ethereum client is a client for Ethereum, the application runtime platform. JSON-RPC is one of the remote invocation services using JSON as the protocol. A misconfiguration vulnerability exists in JSON-RPC in Parity Ethereum client version 1.7.8. An attacker can use this vulnerability to sen...

CVSS 7.5, AI score 6.8, EPSS 0.01206
Exploits 1, References 1