Lucene search
K

1263 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-61968

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-57778

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-57693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-57408

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 4.0.2...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-57395

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57768

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 4:17 p.m.5 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-27409

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:55 p.m.7 views

CVE-2026-57720

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 10:16 a.m.10 views

CVE-2026-27435

Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33...

5.3CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 a.m.10 views

CVE-2026-57676

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9...

4.3CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:19 a.m.7 views

CVE-2026-57676

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53236

Name of the Vulnerable Software and Affected Versions Simple User Avatar versions prior to 5.0 Description An authorization bypass exists due to a user-controlled key, which allows the exploitation of incorrectly configured access control security levels. This issue is characterized as an Insecur...

4.3CVSS6.1AI score0.00183EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 1:16 p.m.6 views

EUVD-2026-39387

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37579

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS5.3AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 2:21 p.m.19 views

CVE-2026-54810

The CVE-2026-54810 entry concerns the WordPress plugin Nexi XPay (≤ 8.3.1). The vulnerability is described as a Missing Authorization/ Broken Access Control issue caused by incorrectly configured access controls, affecting Nexi XPay on versions from n/a up to 8.3.1. Public metrics indicate a HIGH...

7.5CVSS5.3AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:21 p.m.11 views

EUVD-2026-37725

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1...

7.5CVSS5.3AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:49 p.m.11 views

EUVD-2025-210248

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS5.2AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.14 views

CVE-2026-40809

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

6.5CVSS0.00196EPSS
Exploits0References1
Rows per page
Query Builder