Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

219378 matches found

NVD
NVDadded 2026/05/26 9:16 p.m.15 views

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

6.5CVSS0.00209EPSS
Exploits0References7
NVD
NVDadded 2026/05/26 9:16 p.m.11 views

CVE-2026-42337

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

5.3CVSS0.00207EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 9:16 p.m.9 views

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 8:58 p.m.5 views

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 8:58 p.m.32 views

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS0.00248EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 8:58 p.m.17 views

CVE-2025-14361

CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/26 8:30 p.m.31 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS0.00209EPSS
Exploits0References7
CVE
CVEadded 2026/05/26 8:30 p.m.17 views

CVE-2026-9581

JeecgBoot

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/05/26 8:30 p.m.9 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/26 8:19 p.m.5 views

CVE-2026-42337

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/26 8:19 p.m.10 views

EUVD-2026-31988

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 8:16 p.m.14 views

CVE-2026-27331

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

6.3CVSS0.00157EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 8:16 p.m.14 views

CVE-2026-24520

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS0.00155EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 8:16 p.m.17 views

CVE-2026-25426

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1...

5.3CVSS0.00191EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 8:16 p.m.17 views

CVE-2026-25444

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

4.3CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 8:15 p.m.11 views

CVE-2026-9580

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
CVE
CVEadded 2026/05/26 8:15 p.m.26 views

CVE-2026-9580

JeecgBoot up to 3.9.1 is affected by a vulnerability in the LoginController.selectDepart function under /sys/selectDepart, causing improper access controls. Remote exploitation is possible and the exploit has been publicly disclosed. Upgrade to version 3.9.2 to fix the issue.

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2026/05/26 8:15 p.m.8 views

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.10 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 7:45 p.m.14 views

CVE-2026-9579

Summary: CVE-2026-9579 affects JeecgBoot

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Rows per page
Query Builder