12048 matches found

CVE
added 8 hours ago, 7 views

CVE-2026-14753

The CVE-2026-14753 entry concerns the mjperpinosa stumasy project (Note Handler/Assignment Handler) with a vulnerability in the /PHP/objects/notes component. The root cause is a manipulation of the argument assignment_item_id that results in an authorization bypass. The flaw can be triggered remo...

7.5 CVSS, 6.7 AI score
Exploits 0, References 6

EUVD
added 8 hours ago, 6 views

EUVD-2026-41759

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization...

7.5 CVSS, 6.7 AI score
Exploits 0, References 6

Nuclei
added 19 hours ago, 34 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8 CVSS, 7.3 AI score, 0.04552 EPSS
Exploits 1, References 5

Nuclei
added 19 hours ago, 10 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress <= 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map; exploitation requires crafted API requests. id: CVE-2026-8839 info: name:...

5.3 CVSS, 5.9 AI score, 0.00813 EPSS
Exploits 0, References 3

Nuclei
added 19 hours ago, 88 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8 CVSS, 7 AI score, 0.13425 EPSS
Exploits 1, References 5

Nuclei
added 19 hours ago, 66 views

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

9.8 CVSS, 7.2 AI score, 0.04461 EPSS
Exploits 1, References 3

Nuclei
added 19 hours ago, 15 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5 CVSS, 7 AI score, 0.01813 EPSS
Exploits 0, References 2

Nuclei
added 19 hours ago, 14 views

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8 CVSS, 6 AI score, 0.01342 EPSS
Exploits 0, References 2

Nuclei
added 19 hours ago, 25 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3 CVSS, 6.2 AI score, 0.02703 EPSS
Exploits 1, References 4

Nuclei
added 19 hours ago, 20 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6 CVSS, 7 AI score, 0.01594 EPSS
Exploits 1, References 4

Nuclei
added 19 hours ago, 39 views

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. id: CVE-2022-1580 info: name: Site Offline WP Plugin < 1.5.3 - Authorization Bypass author: s4e-io...

4.3 CVSS, 5.9 AI score, 0.01299 EPSS
Exploits 2, References 2

Nuclei
added 19 hours ago, 50 views

Lin CMS Spring Boot - Default JWT Token

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CM...

7.5 CVSS, 7.1 AI score, 0.03634 EPSS
Exploits 1, References 3

Nuclei
added yesterday, 69 views

WordPress InfiniteWP <1.9.4.5 - Authorization Bypass

WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information,...

9.8 CVSS, 7.2 AI score, 0.8787 EPSS
Exploits 2, References 5

CVE
added 2 days ago, 14 views

CVE-2026-28740

CVE-2026-28740 affects Gitea up to version 1.26.2. The issue allows Git LFS object reuse to authorize private source objects for users with repository access but without Code-unit access (root cause: LFS object reuse bypassing Code-unit authorization). Impact is unauthorized access to private sou...

7.1 CVSS, 7.1 AI score, 0.00323 EPSS
Exploits 0, References 4

EUVD
added 2 days ago, 9 views

EUVD-2026-41565

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3 CVSS, 5.6 AI score, 0.00223 EPSS
Exploits 0, References 5

CVE
added 2 days ago, 7 views

CVE-2026-14608

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 is affected. The vulnerability resides in the POST Handler’s /index.php?action=view_student where manipulating the ID argument bypasses authorization. Remote exploitation is possible, and the exploit has been publicly di...

5.3 CVSS, 5.6 AI score, 0.00223 EPSS
Exploits 0, References 5

CVE
added 2 days ago, 8 views

CVE-2026-59234

This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id}. The delete logic uses Calendar::find($id)->delete(...

6.9 CVSS, 6 AI score, 0.00403 EPSS
Exploits 0, References 3

EUVD
added 2 days ago, 9 views

EUVD-2026-41539

Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at GET /calendar/event/delete/{id}, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9 CVSS, 6 AI score, 0.00403 EPSS
Exploits 0, References 3

EUVD
added 2 days ago, 6 views

EUVD-2026-41524

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3 CVSS, 6 AI score, 0.00338 EPSS
Exploits 0, References 10

EUVD
added 2 days ago, 6 views

EUVD-2026-41513

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3 CVSS, 6 AI score, 0.00312 EPSS
Exploits 0, References 14