CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•8 views

CVE-2026-48879

The CVE-2026-48879 entry concerns the WordPress AIWU plugin (versions up to 1.4.17). It is described as an Incorrect Privilege Assignment that enables Privilege Escalation. CVSS v3.1 base score 9.8 (Network attack, Low complexity, No user interaction, Privileges required: None; Confidentiality/In...

9.8CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2 days ago•7 views

PT-2026-45433

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

9.8CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2 days ago•8 views

PT-2026-45441

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

9.8CVSS5.8AI score0.00041EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-44742

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

7.3CVSS6.2AI score0.00013EPSS

Redos•added 5 days ago•7 views

ROS-20260529-73-0004

The vulnerability of the GNOME Remote Desktop remote desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially created RDP packet...

6.5CVSS5.8AI score0.00454EPSS

Exploits0

GithubExploit•added 6 days ago•57 views

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-48172 - LiteSpeed cPanel Plugin Vulnerability Auditor...

10CVSS6AI score0.07956EPSS

Exploits1

RedhatCVE•added 6 days ago•2 views

CVE-2026-46214

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs when virtiotransportrecvlisten calls skacceptqadded before transport validation, leading to a permanent increment of the skackbacklog counter if transport assignment fails. A remote attacker could exploit thi...

5.5CVSS5.7AI score0.00024EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 4:58 p.m.•5 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00064EPSS

NVD•added 2026/05/27 2:17 p.m.•3 views

CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

0.00032EPSS

Exploits0References8

EUVD•added 2026/05/27 12:57 p.m.•3 views

EUVD-2026-32430

5.8AI score0.00032EPSS

Exploits0References5

NVD•added 2026/05/27 11:16 a.m.•5 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

9.8CVSS0.00054EPSS

EUVD•added 2026/05/27 9:49 a.m.•3 views

EUVD-2026-32207

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

ATTACKERKB•added 2026/05/27 9:49 a.m.•2 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

CVE•added 2026/05/27 9:49 a.m.•12 views

CVE-2026-42758

CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...

Vulnrichment•added 2026/05/27 9:49 a.m.•4 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

CVE•added 2026/05/27 9:49 a.m.•9 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...

EUVD•added 2026/05/27 9:49 a.m.•3 views

EUVD-2026-32177

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43643

Positive Technologies•added 2026/05/27 12:0 a.m.•2 views

PT-2026-43666

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...