Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

994 matches found

NVD
NVDadded yesterday8 views

CVE-2022-42479

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS0.00056EPSS
Exploits0References1
EUVD
EUVDadded yesterday4 views

EUVD-2022-56003

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS5.4AI score0.00056EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded yesterday7 views

PT-2026-48633

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS5.4AI score0.00056EPSS
Exploits0References2
EUVD
EUVDadded 2 days ago5 views

EUVD-2026-36133

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS5.4AI score0.00042EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 6 days ago11 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week7 views

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.4AI score0.0004EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week5 views

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS5.4AI score0.00037EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week6 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.5AI score0.00038EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week6 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.4AI score0.00028EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week5 views

CVE-2026-22676

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

8.5CVSS5.7AI score0.00015EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded last week5 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.00075EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.7 views

PT-2026-46912

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.00075EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/06/03 2:24 a.m.9 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00099EPSS
Exploits0References3
NVD
NVDadded 2026/06/02 10:16 a.m.9 views

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS0.00037EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/02 8:56 a.m.8 views

EUVD-2026-33904

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.9 views

PT-2026-45719

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS5.8AI score0.00037EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/05/27 12:0 a.m.8 views

Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by Hitachi Vantara Corporation in the United States. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, contain...

6.3CVSS5.8AI score0.00038EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 8:58 p.m.11 views

CVE-2025-14361

CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (

7.1CVSS5.8AI score0.0004EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.7 views

PT-2026-43413

Name of the Vulnerable Software and Affected Versions Woocommerce Envato Affiliates versions prior to 1.2.2 Description A missing authorization issue allows access to functionality that is not properly constrained by Access Control Lists ACLs, which are sets of rules that define which users or...

7.1CVSS5.8AI score0.0004EPSS
Exploits0References4
AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.2 views

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. In affected versions, specially crafted Lua scripts executed in Redis can cause the heap-based Lua stack to overflow, due to incomplete checks for this condition. This can lead to heap corruption and potentially remote code...

8.8CVSS7AI score0.0246EPSS
Exploits0References2
Rows per page
Query Builder