
7 matches found

EUVD
added 2026/03/16 3:30 p.m. · 0 views

EUVD-2026-12389

Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...

CVSS 8.6 · AI score 5.8 · EPSS 0.00058
Exploits: 0 · References: 2
Positive Technologies
added 2025/12/12 12:0 a.m. · 2 views

PT-2025-50812

Name of the Vulnerable Software and Affected Versions: LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress versions prior to 1.2.30. Description: The LazyTasks plugin for WordPress does not properly validate a user's identity before allowing updates ...

CVSS 9.8 · AI score 6.9 · EPSS 0.0021
Exploits: 0 · References: 6
CVE
added 2025/11/01 6:40 a.m. · 14 views

CVE-2025-6574

Summary (CVE-2025-6574): The WordPress plugin “Service Finder Bookings” is vulnerable to privilege escalation via account takeover in all versions before 6.1. The issue stems from improper user identity validation before updating account details (e.g., email), enabling authenticated users with su...

CVSS 8.8 · AI score 6.3 · EPSS 0.00063
Exploits: 0 · References: 2
CVE
added 2025/10/31 6:31 p.m. · 5 views

CVE-2025-64349

CVE-2025-64349 affects ELOG (the Electronic Logbook) with an authentication-level flaw: an authenticated, low-privilege user can modify another user’s profile, potentially changing the target’s email address and triggering a password reset to take over the account. Public records note ELOG defaul...

CVSS 8.8 · AI score 6.5 · EPSS 0.00078
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2025/08/18 7:16 a.m. · 5 views

CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identit...

CVSS 9.8 · AI score 6 · EPSS 0.00274
Exploits: 0 · References: 1
NVD
added 2025/08/16 7:15 a.m. · 4 views

CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identit...

CVSS 9.8 · EPSS 0.00274
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/08 12:0 a.m. · 8 views

PT-2025-32390 · WordPress · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions through 4.0.34 Description: The Eventin plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the plugin does not adequately validate a user’s identity or...

CVSS 8.8 · AI score 6.9 · EPSS 0.00158
Exploits: 3 · References: 8