CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 3 days ago•4 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

Cvelist•added 3 days ago•22 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

6.5CVSS0.00022EPSS

CVE•added 3 days ago•7 views

CVE-2026-45267

Nextcloud (open source content collaboration platform) has a vulnerability identified as CVE-2026-45267 where a missing permissions check in form submissions allowed a user to read submissions from other users. The issue affects versions prior to 5.2.6 and has been fixed in 5.2.6. The root cause ...

EUVD•added 3 days ago•4 views

EUVD-2026-33679

CNNVD•added 3 days ago•3 views

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...

6.5CVSS5.8AI score0.00022EPSS

Positive Technologies•added 3 days ago•8 views

PT-2026-45477

Vulnrichment•added 2026/05/21 9:9 p.m.•3 views

Exploits0References4

CVE-2026-7881 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

ATTACKERKB•added 2026/05/21 9:9 p.m.•3 views

CVE-2026-7881

Exploits0References2Affected Software1

CNNVD•added 2026/05/21 12:0 a.m.•4 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express Entry Detail block, which may allow unauthorized access to...

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42554

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR, which occurs when an application provides direct access to objects based on user-supplied input, exists in the Express Entry Detail block. By...

Cvelist•added 2026/05/19 6:33 p.m.•25 views

CVE-2026-8096 Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS0.0003EPSS

EUVD•added 2026/05/19 6:33 p.m.•6 views

EUVD-2026-30971

6.5CVSS5.7AI score0.0003EPSS

Cvelist•added 2026/05/14 5:30 a.m.•30 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00039EPSS

Exploits0References2

Nextcloud•added 2026/05/12 8:20 a.m.•7 views

Missing permission check for reading form submissions

None...

6.5CVSS5.8AI score0.00022EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/12 7:48 a.m.•11 views

CVE-2026-7050

The Forms Rb WordPress plugin (versions ≤ 1.1.9) is vulnerable to an authorization bypass due to insufficient access checks, allowing authenticated users with contributor-level access and above to read form submissions, modify form configurations, and delete records for forms they do not own. Roo...

4.3CVSS5.8AI score0.00041EPSS

Exploits0References13

CNNVD•added 2026/05/12 12:0 a.m.•4 views

WordPress plugin Forms Rb 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-39968

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3CVSS5.8AI score0.00041EPSS

Exploits0References14

OSV•added 2026/05/11 4:17 p.m.•6 views

PYSEC-2026-148

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS5.8AI score0.00031EPSS

Cvelist•added 2026/05/11 2:40 p.m.•27 views

CVE-2026-44199 Wagtail: Improper permission handling when deleting form submissions

6.5CVSS0.00031EPSS