Lucene search
K

682 matches found

Nuclei
Nuclei
added yesterday12 views

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

9.8CVSS6AI score0.02169EPSS
Exploits1References2
CVE
CVE
added 6 days ago11 views

CVE-2026-57352

CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (

4.8CVSS5.8AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56029

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39692

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.17 views

CVE-2026-56029

CVE-2026-56029 affects the WordPress CorvusPay WooCommerce Payment Gateway plugin ≤ 2.7.4. It is described as an Unauthenticated Broken Authentication vulnerability. The CVSS 3.1 base score is 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality or availability impac...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 1:16 p.m.9 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.5 views

WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37640

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37614

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS5.2AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.6 views

EUVD-2026-37609

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS5.2AI score0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37666

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 1:36 p.m.30 views

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS0.00381EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-42629

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS0.00322EPSS
Exploits0References1
Rows per page
Query Builder