Lucene search
K

987 matches found

Nuclei
Nuclei
added yesterday17 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS6.1AI score0.00892EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday7 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...

7.5CVSS6.1AI score0.00921EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday20 views

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts

WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...

5.3CVSS6.7AI score0.36503EPSS
Exploits2References4
NVD
NVD
added yesterday5 views

CVE-2026-44771

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday15 views

CVE-2026-44771 Missing Authorization check in SAP S/4HANA (Draft operation)

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-44771

Technical details about CVE-2026-44771 are not publicly available in the provided documents; monitor for updates as new information may be released.

4.3CVSS6.1AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-12738

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43151

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 4 days ago13 views

CVE-2026-12738

CVE-2026-12738 affects WP Easy Pay

4.3CVSS6.1AI score0.00213EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-12738 WP Easy Pay <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Status Modification via wpep_draft_confirm AJAX Action

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References5
NVD
NVD
added 4 days ago5 views

CVE-2026-6804

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS0.00353EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-6804 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Modification via 'publishTasks' and 'unpublishTasks' AJAX Actions

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS0.00353EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
OSV
OSV
added 6 days ago2 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References6Affected Software1
CVE
CVE
added 6 days ago22 views

CVE-2026-54004

CVE-2026-54004 affects Kirby CMS. Prior to version 4.9.4 and 5.4.4, when content.fileRedirects is enabled, clean file URLs for files stored in top-level draft pages could be redirected to physical media URLs without verifying draft page permissions or preview tokens, potentially disclosing draft ...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the draft release process. An attacker can access sensitive draft release data or attachments by bypassing required write permissions. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-27660

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

7.5CVSS0.00345EPSS
Exploits0References4
Rows per page
Query Builder