CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS5.1AI score0.00246EPSS

PT-2026-49506

Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...

Positive Technologies•added 4 days ago•9 views

PT-2026-49322

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

5.4AI score0.00248EPSS

7.5CVSS5.1AI score0.00251EPSS

PT-2026-49362

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

6.3CVSS5.1AI score0.00242EPSS

PT-2026-49349

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

PT-2026-49325

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...

5.2AI score0.00286EPSS

7.5CVSS5.1AI score0.00278EPSS

PT-2026-49457

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS5.1AI score0.00246EPSS

PT-2026-49396

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

6.5CVSS5.1AI score0.00326EPSS

PT-2026-49402

Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...

7.5CVSS5.1AI score0.00287EPSS

PT-2026-49412

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.1AI score0.00287EPSS

PT-2026-49391

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

Positive Technologies•added 4 days ago•8 views

PT-2026-49426

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49408

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS5.1AI score0.00246EPSS

6.5CVSS5.1AI score0.00279EPSS

PT-2026-49431

Subscriber Broken Access Control in myCred = 3.0.3 versions...

Positive Technologies•added 4 days ago•8 views

PT-2026-49316

Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...

5.3AI score0.00282EPSS

7.5CVSS5.1AI score0.00238EPSS

PT-2026-49418

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

PT-2026-49288

A Time-Based Blind SQL Injection vulnerability in the alias management module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias management.php...

6.3AI score0.00361EPSS

Exploits1References2

6.3CVSS5.1AI score0.00242EPSS

PT-2026-49445

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.5CVSS5.1AI score0.00279EPSS

PT-2026-49430

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...