CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/18 9:47 a.m.•4 views

BIT-DOTNET-2026-45490 .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.2AI score0.00266EPSS

OSV•added 2026/06/18 9:47 a.m.•5 views

BIT-DOTNET-SDK-2026-45490 .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.3AI score0.00266EPSS

EUVD•added 2026/06/18 6:50 a.m.•8 views

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS5.4AI score0.00285EPSS

NVD•added 2026/06/18 6:16 a.m.•11 views

CVE-2026-9199

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS0.00245EPSS

NVD•added 2026/06/18 6:16 a.m.•12 views

CVE-2026-12093

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...

5.3CVSS0.00352EPSS

EUVD•added 2026/06/18 5:34 a.m.•9 views

EUVD-2026-37847

5.3CVSS5.5AI score0.00352EPSS

Snyk•added 2026/06/18 5:9 a.m.•6 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the shell inline-command parsing process. An attacker can execute unauthorized shell commands by crafting command requests that bypass the intended allowlist...

8.1CVSS6AI score0.0026EPSS

EUVD•added 2026/06/18 4:31 a.m.•9 views

EUVD-2026-37837

4.3CVSS5.3AI score0.00245EPSS

Cvelist•added 2026/06/18 4:31 a.m.•23 views

CVE-2026-9199 Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter

4.3CVSS0.00245EPSS

CVE•added 2026/06/18 4:31 a.m.•19 views

CVE-2026-9199

The CVE-2026-9199 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) up to version 1.42.1. The root cause is missing authorization verification, allowing authenticated users with author-level access and above to modify accessibility issue records...

4.3CVSS5.4AI score0.00245EPSS

NVD•added 2026/06/18 4:16 a.m.•13 views

CVE-2026-12407

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS0.00387EPSS

Cvelist•added 2026/06/18 3:41 a.m.•20 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

8.8CVSS0.00387EPSS

CVE•added 2026/06/18 3:41 a.m.•19 views

CVE-2026-12407

CVE-2026-12407 affects the E2Pdf – Export Pdf Tool for WordPress plugin versions up to 1.32.26. The screen_action() path bypasses nonce and capability checks, reading attacker-controlled options from $_POST['wp_screen_options'] and passing them to update_option() with no allowlist, enabling authe...

8.8CVSS5.4AI score0.00387EPSS

EUVD•added 2026/06/18 3:41 a.m.•10 views

EUVD-2026-37836

8.8CVSS5.3AI score0.00387EPSS