Lucene search
K

71881 matches found

Nuclei
Nuclei
added 9 hours ago23 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS6AI score0.01113EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago41 views

WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization

WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. id: CVE-2024-30464 info: name: WPZOOM Socia...

8.8CVSS7.1AI score0.01517EPSS
Exploits0References1
Nuclei
Nuclei
added 9 hours ago13 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS5.9AI score0.00813EPSS
Exploits0References3
CVE
CVE
added 9 hours ago6 views

CVE-2026-5069

Vulnerability summary (CVE-2026-5069) : The Fluent Forms plugin for WordPress up to version 6.2.1 is vulnerable to incorrect authorization via the subscription_id parameter in the payment cancellation AJAX flow. The root cause is insufficient ownership authorization checks, allowing authenticated...

5.4CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-42778

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 10 hours ago5 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score
Exploits0References6Affected Software1
CVE
CVE
added 10 hours ago7 views

CVE-2026-15320

CVE-2026-15320 affects Sipeed PicoClaw software up to version 0.2.9. The vulnerability targets the function rt.ReloadConfig in the file pkg/channels/pico/pico.go, where manipulation of the message.send argument can bypass authorization. This potentially allows a remote attacker to trigger the iss...

5.5CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-42776

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score
Exploits0References6
CVE
CVE
added 10 hours ago5 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-42703

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...

6.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 12 hours ago11 views

EUVD-2026-34014

Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering...

8.2CVSS5.9AI score0.00396EPSS
Exploits2References5
CVE
CVE
added yesterday7 views

CVE-2026-55604

DeepSeek MCP Server (DeepSeek V4) is vulnerable from v1.4.2 up to, but not including, v1.7.0. The issue stems from a process-global SessionStore that accepts caller-supplied session_id values without binding them to any authenticated principal or transport session. An attacker can enumerate activ...

8.6CVSS6AI score
Exploits0References2
CVE
CVE
added yesterday15 views

CVE-2026-55170

CVE-2026-55170 affects OpenFGA when using MySQL as the datastore prior to 1.18.0. Case-insensitive/case-distinct comparisons on the tuple, changelog, and authorization_model identifier columns can cause values like user:Alice and user:alice to be treated as equivalent, making two distinct check r...

2.1CVSS5.9AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-33802

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...

6.8CVSS6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress Invoice123 plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Setting Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Invoice123 versions = 1.7.0...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress Import and export users and customers plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Tiago Ventura perses in WordPress Plugin Import and export users and customers versions = 2.4.0...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-15191

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...

6.5CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-61474

An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...

5.3CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42619

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-15191

CVE-2026-15191 affects mettle sendportal up to 3.0.1, specifically the CampaignCreation Endpoint logic in vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php. The flaw enables authorization bypass via manipulation of the Campaign Creation Endpoint. It is a remote network-expo...

6.5CVSS6.2AI score
Exploits0References6
Rows per page
Query Builder