
353 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-41935

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

CVSS 7.1, AI score 5.5, EPSS 0.00042
Exploits: 0, References: 1

RedhatCVE
added 3 days ago, 5 views

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

CVSS 7.2, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1

NVD
added 3 days ago, 6 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8, EPSS 0.0017
Exploits: 0, References: 3

EUVD
added 3 days ago, 5 views

EUVD-2025-210079

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8, AI score 5.5, EPSS 0.0017
Exploits: 0, References: 3

CVE
added 3 days ago, 8 views

CVE-2025-71318

CVE-2025-71318 concerns NetMan 204, where authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly access pages (e.g., administration.html, administration-commands.html, configuration.html) to disclose sensitive details such as ...

CVSS 9.8, AI score 5.5, EPSS 0.0017
Exploits: 0, References: 3

Vulnrichment
added 3 days ago, 2 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8, AI score 5.5, EPSS 0.0017
Exploits: 0, References: 3

ATTACKERKB
added 3 days ago, 4 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8, AI score 5.5, EPSS 0.0017
Exploits: 0, References: 3

Github Security Blog
added 4 days ago, 6 views

WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin

Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...

AI score 6.2
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/05/20 7:52 p.m., 3 views

CVE-2026-9141

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...

CVSS 9.8, AI score 5.8, EPSS 0.00258
Exploits: 0, References: 3

RedhatCVE
added 2026/05/18 7:58 p.m., 8 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 7.1, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 1

NVD
added 2026/05/15 7:17 p.m., 8 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 7.1, EPSS 0.00047
Exploits: 0, References: 2

CVE
added 2026/05/15 6:36 p.m., 11 views

CVE-2026-46362

CVE-2026-46362 affects phpMyFAQ prior to 4.1.2, where a flaw in AbstractAdministrationController::userHasPermission() allows an authenticated user to bypass authorization and access any permission-protected admin page. The root cause is failure to terminate execution after sending a forbidden res...

CVSS 7.1, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 2

Cvelist
added 2026/05/15 6:36 p.m., 28 views

CVE-2026-46362 phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 7.1, EPSS 0.00047
Exploits: 0, References: 2

Vulnrichment
added 2026/05/15 6:36 p.m., 8 views

CVE-2026-46362 phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 7.1, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 2

CNNVD
added 2026/05/15 12:0 a.m., 6 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the AbstractAdministrationController::userHasPermission function, which did not terminate execution...

CVSS 7.1, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 1

EUVD
added 2026/05/14 2:27 p.m., 6 views

EUVD-2026-30293

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

CVSS 7.1, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 3

CVE
added 2026/05/14 2:27 p.m., 7 views

CVE-2026-41935

Vvveb

CVSS 7.1, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 3

Positive Technologies
added 2026/05/14 12:0 a.m., 8 views

PT-2026-40943

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

CVSS 7.1, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 4

EUVD
added 2026/05/13 3:29 p.m., 9 views

EUVD-2026-29135

Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray...

CVSS 7.7, AI score 5.8, EPSS 0.00036
Exploits: 1, References: 3

CVE
added 2026/05/12 2:0 p.m., 5 views

CVE-2026-43937

Summary: CVE-2026-43937 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5. An admin handler (OnPost… in /Admin/RunSql) can bypass authorization due to PageSecurityCheckAttribute executing after the handler, allowing arbitrary SQL execution via IDbAccess.RunSql when a low-privileged user posts ...

CVSS 8.8, AI score 6.1, EPSS 0.00029
Exploits: 0, References: 1