Lucene search
+L

11609 matches found

Patchstack
Patchstack
added 2026/07/08 12:52 p.m.5 views

WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Gift Vouchers versions = 4.6.9...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 12:40 p.m.5 views

WordPress Peach Payments Gateway plugin <= 4.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Peach Payments Gateway versions = 4.0.2...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 12:34 p.m.5 views

WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou in WordPress Plugin FundEngine versions = 1.7.6...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 12:31 p.m.8 views

WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...

7.1CVSS6.1AI score0.00226EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 12:28 p.m.6 views

WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Booking and Rental Manager versions = 2.6.9...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 10:0 a.m.4 views

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by okndjo in WordPress Plugin Event Tickets Manager for WooCommerce versions = 1.5.5...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 9:34 a.m.5 views

WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sandesh Gawai in WordPress Plugin Tourfic versions = 2.22.5...

6.5CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 9:0 a.m.5 views

WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ramshath in WordPress Plugin Tourfic versions = 2.22.5...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 8:59 a.m.4 views

WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.167 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by VanTastic in WordPress Plugin Extra Product Options Builder for WooCommerce versions = 1.2.167...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 2026/07/08 5:22 a.m.58 views

Atlassian Confluence - Privilege Escalation

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. id: CVE-2023-22515 info: name: Atlassian Confluence - Privilege Escalation author:...

10CVSS7.4AI score0.99156EPSS
Exploits39References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56567

Name of the Vulnerable Software and Affected Versions Gumroad versions prior to 2026.07.06.2 Description Broken access control in the PurchasesController allows authenticated sellers to manipulate purchase access for products belonging to other sellers. By sending PUT requests to the revoke acces...

7.1CVSS6.2AI score0.0022EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 4:3 p.m.15 views

PYSEC-2026-1802 pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 4:3 p.m.9 views

PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/07 2:19 p.m.5 views

WordPress Advanced Forms plugin <= 1.9.3.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Advanced Forms versions = 1.9.3.7...

7.5CVSS5.9AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/07 2:17 p.m.5 views

WordPress WowAddons plugin <= 1.6.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin WowAddons versions = 1.6.8...

6.5CVSS5.9AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/07 9:13 a.m.6 views

WordPress MStore API plugin <= 4.18.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin MStore API versions = 4.18.4...

6.5CVSS5.9AI score0.00194EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/07 6:16 a.m.10 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 5:28 a.m.13 views

CVE-2026-57870

CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:28 a.m.5 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS6AI score0.00215EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 5:28 a.m.34 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
Rows per page
Query Builder