Lucene search
+L

12780 matches found

NVD
NVD
added 1 hour ago5 views

CVE-2026-11763

Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03...

6.5CVSS
Exploits0References1
NVD
NVD
added 1 hour ago5 views

CVE-2026-12693

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.4CVSS
Exploits0References1
CVE
CVE
added 1 hour ago6 views

CVE-2026-12693

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.4CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-12693 IDOR in Vimesoft's Enterprise Video Platform

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.4CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-11763 IDOR in GIS Informatics' GisLab Laboratory Management System

Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03...

6.5CVSS
Exploits0References1
CVE
CVE
added 2 hours ago5 views

CVE-2026-11763

CVE-2026-11763 describes an Authorization bypass through a user-controlled key in GisLab Laboratory Management System (GisLab) from version 1.4.03 to 08072026. The vulnerability allows bypass of access controls, with confidentiality impact reported as High while other impacts are not claimed. CVS...

6.5CVSS5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-11763 IDOR in GIS Informatics' GisLab Laboratory Management System

Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03...

6.5CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-63100 Maybe 0.6.0 Missing Authorization via HostingsController show/update

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS
Exploits0References2
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-45175

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/toolcron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the...

6.5CVSS6AI score
Exploits0References6
NVD
NVD
added 13 hours ago8 views

CVE-2026-15349

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS
Exploits0References10
Nuclei
Nuclei
added 13 hours ago14 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS5.2AI score0.00813EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago71 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3CVSS5.7AI score0.02703EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago60 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.2AI score0.01594EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago73 views

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

9.8CVSS8.3AI score0.04461EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago17 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5CVSS7.1AI score0.01813EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago17 views

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS5.4AI score0.01342EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago83 views

Lin CMS Spring Boot - Default JWT Token

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CM...

7.5CVSS7.3AI score0.03634EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago58 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS8.8AI score0.04822EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago92 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8CVSS7.3AI score0.13425EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago42 views

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. id: CVE-2022-1580 info: name: Site Offline WP Plugin 1.5.3 - Authorization Bypass author: s4e-io...

4.3CVSS5AI score0.01299EPSS
Exploits2References2
Rows per page
Query Builder