Lucene search
K

162272 matches found

Nuclei
Nuclei
added 18 hours ago15 views

Templately <= 3.1.2 - Broken Access Control

Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout. id: CVE-2024-47308 info: name:...

9.8CVSS5.9AI score0.01695EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago13 views

ipTIME A2004 - Unauthorized Access

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54763 info: name: ipTIME A2004 - Unauthorized Access author: ritikchaddha severity: medium description: | An access control...

6.5CVSS5.9AI score0.00746EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago19 views

DATAGERRY - Improper Access Control

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. id: CVE-2024-50967 info: name: DATAGERRY -...

6.5CVSS6AI score0.01616EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago61 views

WordPress FluentForms <= 5.1.16 - Broken Access Control

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

7.5CVSS5.9AI score0.0123EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago25 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS6AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago14 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.3AI score0.0692EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago5 views

LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write

LeadConnector WordPress plugin 3.0.22 contains a broken access control caused by missing authorization in a REST route, letting unauthenticated attackers overwrite existing data remotely, exploit requires no authentication. id: CVE-2026-1890 info: name: LeadConnector 3.0.22 - Unauthenticated...

5.3CVSS5.9AI score0.00645EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago14 views

LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

7.3CVSS5.9AI score0.00588EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago54 views

D-Link DIR-816L - Improper Access Control

D-Link DIR-816LFW206b01 is susceptible to improper access control. An attacker can access folders folderview.php and categoryview.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28955 info: name: D-Link DIR-816L - Improper...

7.5CVSS6.9AI score0.38289EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago67 views

Lin CMS Spring Boot - Default JWT Token

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CM...

7.5CVSS7.1AI score0.03634EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago44 views

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

7.5CVSS5.9AI score0.01104EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago16 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS7.2AI score0.03311EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago27 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS6.1AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago15 views

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

Symfony HttpFoundation component = 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATHINFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...

7.3CVSS7.1AI score0.01326EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago13 views

vCenter Server - Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...

5.3CVSS7AI score0.47642EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago18 views

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS5.9AI score0.02904EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago47 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.4AI score0.02995EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago17 views

Webnus Inc. Modern Events Calendar - Broken Access Control

Webnus Inc. Modern Events Calendar = 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges. id: CVE-2026-32583 info: name: Webnus Inc. Modern Events...

5.3CVSS5.9AI score0.007EPSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago113 views

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

7.5CVSS7.2AI score0.51653EPSS
Exploits5References5
Nuclei
Nuclei
added 18 hours ago112 views

WordPress WPQA <5.5 - Improper Access Control

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. id: CVE-2022-1598 info: name: WordPress WPQA 5.5 - Improper Access Control...

5.3CVSS6.2AI score0.05076EPSS
Exploits2References5
Rows per page
Query Builder