Lucene search
K

61633 matches found

Nuclei
Nuclei
added 14 hours ago112 views

WordPress WPQA <5.5 - Improper Access Control

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. id: CVE-2022-1598 info: name: WordPress WPQA 5.5 - Improper Access Control...

5.3CVSS6.2AI score0.05076EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago47 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.2AI score0.02995EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago75 views

Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control

Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...

7.5CVSS7AI score0.02941EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago57 views

WAVLINK WN530HG4 - Improper Access Control

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8CVSS7.1AI score0.02415EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago17 views

VMware vRealize Log Insight - Improper Access Control to RCE

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...

9.8CVSS7.3AI score0.81011EPSS
Exploits3References3
Nuclei
Nuclei
added 16 hours ago13 views

vCenter Server - Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...

5.3CVSS6.8AI score0.47642EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS0.0014EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42837

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References2Affected Software1
NVD
NVD
added yesterday9 views

CVE-2026-21039

Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings...

6.9CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42820

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-21050

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-21050

CVE-2026-21050 describes an improper access control vulnerability in SmartThingsKit prior to the SMR Jul-2026 Release 1. The issue allows local attackers to access sensitive information due to insufficient access restrictions in the affected component. CVSS 4.0 base vector indicates LOCAL attack,...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42812

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.9AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.9AI score0.00105EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42811

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS0.00099EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References2
Rows per page
Query Builder