Lucene search
K

11411 matches found

Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-57721 WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS
Exploits0References1
Patchstack
Patchstack
added 2 hours ago3 views

WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin ApplyOnline versions = 2.6.7.6...

5.3CVSS5.8AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-57720 WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS
Exploits0References1
CVE
CVE
added 2 hours ago5 views

CVE-2026-57720

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS5.8AI score
Exploits0References1
Patchstack
Patchstack
added 3 hours ago3 views

WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin ThumbPress versions = 6.3.2...

4.3CVSS5.8AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-27409 WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS
Exploits0References1
CVE
CVE
added 3 hours ago4 views

CVE-2026-27409

CVE-2026-27409 : Missing Authorization in Webba Booking for WordPress (plugin)

5.3CVSS5.8AI score
Exploits0References1
CVE
CVE
added 11 hours ago13 views

CVE-2026-27435

WordPress Woffice theme versions before 5.4.33 are affected by a Missing Authorization vulnerability due to incorrectly configured access control. CVSSv3.1: 5.3 (Network, Low privileges, No user interaction). Impact: Integrity impact (LOW); others None. Affected: Woffice theme (WordPress)

5.3CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added 16 hours ago23 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS6AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago15 views

Templately <= 3.1.2 - Broken Access Control

Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout. id: CVE-2024-47308 info: name:...

9.8CVSS5.8AI score0.01695EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago16 views

Webnus Inc. Modern Events Calendar - Broken Access Control

Webnus Inc. Modern Events Calendar = 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges. id: CVE-2026-32583 info: name: Webnus Inc. Modern Events...

5.3CVSS5.8AI score0.007EPSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago10 views

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

7.5CVSS5.8AI score0.01104EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago14 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.5AI score0.0692EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago20 views

Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

9.8CVSS7.6AI score0.38477EPSS
Exploits4References3
Nuclei
Nuclei
added 16 hours ago22 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS5.8AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago20 views

UniFi Access - Broken Access Control

UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access. id: CVE-2025-52665 info: name:...

10CVSS7.6AI score0.40972EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago15 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS7.3AI score0.03311EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago13 views

LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

7.3CVSS5.8AI score0.00588EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago11 views

WordPress FluentForms <= 5.1.16 - Broken Access Control

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

7.5CVSS5.8AI score0.0123EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago18 views

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS5.7AI score0.02904EPSS
Exploits0References3
Rows per page
Query Builder