CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

RedhatCVE•added yesterday•5 views

CVE-2026-26236

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

Nuclei•added yesterday•14 views

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

7.3CVSS6.9AI score0.04435EPSS

Nuclei•added yesterday•12 views

LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

7.3CVSS5.4AI score0.01524EPSS

Nuclei•added yesterday•18 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS5.9AI score0.11691EPSS

Exploits1References3

NVD•added yesterday•5 views

CVE-2026-26237

8.7CVSS0.00143EPSS

Cvelist•added yesterday•19 views

CVE-2026-26237 QuMagie

8.7CVSS0.00143EPSS

EUVD•added yesterday•8 views

EUVD-2026-35978

CVE•added yesterday•11 views

CVE-2026-26237

CVE-2026-26237 affects QuMagie. Description: a missing authorization vulnerability could allow remote attackers to access unauthorized data or perform unauthorized actions. The issue is fixed in QuMagie 2.9.0 and later. CVSSv4 metrics indicate high severity (base score 8.7) with network attack ve...

Vulnrichment•added yesterday•3 views

CVE-2026-26237 QuMagie

Positive Technologies•added yesterday•6 views

PT-2026-48371

EUVD•added 2 days ago•4 views

Exploits0References2

EUVD-2026-35449

8.6CVSS5.5AI score0.00055EPSS

Exploits0References6

Cvelist•added 2 days ago•22 views

CVE-2026-49948 Mem0 0.2.8 Missing Authorization via POST /configure Endpoint

8.6CVSS0.00055EPSS

Exploits0References5

NVD•added 2 days ago•4 views

CVE-2026-47343

7.2CVSS0.00036EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-35392

Vulnrichment•added 2 days ago•4 views

CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders

CVE•added 2 days ago•7 views

CVE-2026-47343

Technical details are not publicly available in the provided documents. Monitor TYPO3 security advisories for updates. The CVE describes unauthorized write actions on file mount folders across several TYPO3 CMS versions, with no publicly disclosed exploitation specifics.

EUVD•added 2 days ago•8 views

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00028EPSS