Lucene search
K

690 matches found

Nuclei
Nuclei
added 8 hours ago13 views

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

9.8CVSS6.1AI score0.02169EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

WordPress OAuth Single Sign On - SSO OAuth Client plugin = 38.5.8 - Broken Authentication vulnerability discovered by Kim Dvash in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week4 views

WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Abandoned Cart Recovery for WooCommerce versions = 1.1.12...

6.5CVSS6.1AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...

7.5CVSS6.1AI score0.00329EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:30 p.m.6 views

WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability

Cross Site Request Forgery CSRF to Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin WorkScout-Core versions = 1.7.08...

8.8CVSS5.9AI score0.00164EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/02 11:15 a.m.16 views

CVE-2026-57352

CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (

4.8CVSS5.8AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56029

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.10 views

EUVD-2026-39692

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.20 views

CVE-2026-56029

CVE-2026-56029 affects the WordPress CorvusPay WooCommerce Payment Gateway plugin ≤ 2.7.4. It is described as an Unauthenticated Broken Authentication vulnerability. The CVSS 3.1 base score is 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality or availability impac...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.5 views

WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37640

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37614

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS5.2AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37609

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS5.2AI score0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37666

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References2
Rows per page
Query Builder