CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

Vulnrichment•added 2026/05/26 8:58 p.m.•3 views

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.8AI score0.0004EPSS

Exploits0References1

Redos•added 2026/03/20 12:0 a.m.•2 views

ROS-20260320-73-0002

A vulnerability in the command line interface of the SQLite database management system is associated with errors in the implementation of the azAllowedFunctions protection mechanism. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to prohibited user functions...

7.3CVSS6.7AI score0.00136EPSS

Exploits1

CNNVD•added 2026/03/05 12:0 a.m.•3 views

WordPress plugin Site Suggest 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00056EPSS

Exploits0References1

Veracode•added 2026/02/28 5:12 a.m.•1 views

SQL Injection

Apache Superset is vulnerable to SQL Injection. The vulnerability is due to an incomplete default list of restricted SQL functions for the ClickHouse engine, where attackers can execute potentially sensitive SQL functions within SQL Lab and charts...

6.5CVSS5.7AI score0.00069EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/11 12:19 p.m.•2 views

CVE-2025-8025 Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...

9.8CVSS5.4AI score0.00032EPSS

Exploits0References1

CVE•added 2026/02/11 12:19 p.m.•6 views

CVE-2025-8025

The CVE concerns Dinosoft ERP with a Missing Authentication for Critical Function/Improper Access Control issue that affects versions

9.8CVSS5.4AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:20 a.m.•7 views

CVE-2021-33704

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

8.8CVSS6.7AI score0.00222EPSS

Exploits0References1

RedhatCVE•added 2025/12/18 12:40 p.m.•1 views

CVE-2025-14095

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

8.4CVSS6.6AI score0.00273EPSS

Exploits0References1

EUVD•added 2025/12/18 9:30 a.m.•1 views

EUVD-2025-204111

Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through = 3.5.3...

7.5CVSS6.5AI score0.00043EPSS

Exploits0References2

Vulnrichment•added 2025/12/17 11:45 a.m.•2 views

CVE-2025-14095 Privilege boundary violation in Radiometer Products

6.8CVSS6.2AI score0.00029EPSS

Exploits0References1

NVD•added 2025/12/16 9:15 a.m.•1 views

CVE-2025-64634

Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through = 7.13.2...

5.3CVSS0.00038EPSS

Exploits0References1

RedhatCVE•added 2025/11/07 5:33 p.m.•1 views

CVE-2025-58243

Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through = 3.4.0...

5.3CVSS7AI score0.00041EPSS

Exploits0References1

NVD•added 2025/10/27 2:15 a.m.•1 views

CVE-2025-62977

Missing Authorization vulnerability in 沃之涛百度站长SEO合集支持百度/神马/Bing/头条推送 baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集支持百度/神马/Bing/头条推送: from n/a through = 2.1.4...

5.3CVSS0.00044EPSS

Exploits0References1

RedhatCVE•added 2025/10/23 3:14 p.m.•1 views

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

7.5CVSS7AI score0.00046EPSS

Exploits0References1

OSV•added 2025/10/22 3:15 p.m.•0 views

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

7.3CVSS5.8AI score

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-27470

Malware in sbrugna...

9.6CVSS9AI score0.00364EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-20381

Malware in sbrugna...

8.8CVSS6.9AI score0.00222EPSS

Exploits0References3