145 matches found

NVD
added 5 days ago | 12 views

CVE-2026-8296

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6 CVSS | 0.00198 EPSS
Exploits 0 | References 1

Cvelist
added 5 days ago | 29 views

CVE-2026-8296

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6 CVSS | 0.00198 EPSS
Exploits 0 | References 1

EUVD
added 5 days ago | 9 views

EUVD-2026-38000

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits 0 | References 1

CVE
added 5 days ago | 19 views

CVE-2026-8296

CVE-2026-8296 affects Octopus Server. Affected versions permit embedding a Cross-Site Scripting (XSS) payload via artifacts when an attacker has high privileges and certain access levels; exploitation requires user interaction. CVSSv4 base score 5.6 (MEDIUM); attack vector NETWORK; attack complex...

5.6 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits 0 | References 1

Github Security Blog
added 2026/06/01 2:17 p.m. | 15 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2026/05/27 3:16 p.m. | 14 views

CVE-2026-49047

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

4.3 CVSS | 0.00162 EPSS
Exploits 0 | References 1

NVD
added 2026/05/27 3:16 p.m. | 14 views

CVE-2026-49045

Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...

4.3 CVSS | 0.00213 EPSS
Exploits 0 | References 1

CVE
added 2026/05/25 10:42 p.m. | 19 views

CVE-2026-32389

The CVE affects WordPress NanoCare theme prior to version 1.2.2, where a Missing Authorization vulnerability enables Broken Access Control due to incorrectly configured access control security levels in NanoCare. Affected component is the NanoCare WordPress theme; root cause is improper authoriza...

5.4 CVSS | 5.8 AI score | 0.00223 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/05/15 6:45 a.m. | 5 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1 CVSS | 5.7 AI score | 0.00273 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/05/12 4:32 p.m. | 7 views

CVE-2026-25431 WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...

5.3 CVSS | 5.8 AI score | 0.00231 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/05/12 7:49 a.m. | 5 views

CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

8.2 CVSS | 5.8 AI score | 0.00244 EPSS
Exploits 0 | References 1

EUVD
added 2026/04/22 9:31 a.m. | 4 views

EUVD-2026-24654

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4 CVSS | 5.9 AI score | 0.00288 EPSS
Exploits 0 | References 6

CVE
added 2026/04/15 10:21 a.m. | 4 views

CVE-2026-40728

The CVE-2026-40728 entry documents a Missing Authorization vulnerability in the WordPress Magazine Blocks plugin (BlockArt magazine-blocks) affecting versions up to 1.8.3. The issue arises from incorrectly configured access control security levels, enabling exploitation due to insufficient author...

4.3 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/04/15 10:21 a.m. | 0 views

CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Magazine Blocks: from n/a through = 1.8.3...

4.3 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/04/08 8:30 a.m. | 0 views

CVE-2026-39610

Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpXmas-Snow: from n/a through = 1.1...

5.9 AI score | 0.00214 EPSS
Exploits 0 | References 2

Cvelist
added 2026/04/08 8:30 a.m. | 23 views

CVE-2026-39607 WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter Plus: from n/a through = 1.1.17...

5.4 CVSS | 0.00168 EPSS
Exploits 0 | References 1

CVE
added 2026/04/08 8:30 a.m. | 5 views

CVE-2026-39585

The CVE-2026-39585 entry concerns the WordPress Booktics plugin, version range from unknown up to and including 1.0.16, described as a Missing Authorization vulnerability due to incorrectly configured access control. The vulnerability affects Booktics components (booktics) and is characterized by...

5.3 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39504 WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InstaWP Connect: from n/a through = 0.1.2.5...

5.4 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits 0 | References 1

Cvelist
added 2026/04/08 8:30 a.m. | 19 views

CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3 CVSS | 0.00165 EPSS
Exploits 0 | References 1

CVE
added 2026/04/08 8:30 a.m. | 7 views

CVE-2026-39501

CVE-2026-39501 is a Broken Access Control vulnerability affecting WordPress FOX plugin (woocommerce-currency-switcher) versions <= 1.4.5. The root cause is Missing Authorization / incorrectly configured access control, allowing unauthorized access due to insufficient restrictions. Documents co...

5.3 CVSS | 5.9 AI score | 0.00291 EPSS
Exploits 0 | References 1