7 matches found

CVE | added 2025/09/29 3:57 p.m. | 27 views

CVE-2025-41246

CVE-2025-41246 affects VMware Tools for Windows. The issue is an improper authorization in how user access controls are handled. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated via vCenter or ESX, may exploit this vulnerability to access other gues...

CVSS 7.6 | AI score 6.4 | EPSS 0.00033
Exploits: 0 | References: 1
Vulnrichment | added 2025/09/29 3:57 p.m. | 2 views

CVE-2025-41246 Improper authorisation vulnerability

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...

CVSS 7.6 | AI score 6.4 | EPSS 0.00033
Exploits: 0 | References: 1
CVE | added 2025/04/29 3:45 p.m. | 43 views

CVE-2025-40619

Bookgy suffers an improper access control vulnerability that could permit unauthenticated users to reach private or role-specific areas. The issue is described as insufficient authorization across multiple areas of the application, with a high impact on confidentiality (and a high impact on integ...

CVSS 9.3 | AI score 6.8 | EPSS 0.0017
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment | added 2023/10/04 10:54 a.m. | 7 views

CVE-2023-4997 Improper authorisation in Uptime DC

Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...

CVSS 8.8 | AI score 8.7 | EPSS 0.00071
Exploits: 0 | References: 2
NVD | added 2022/04/04 4:15 p.m. | 9 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

CVSS 5.5 | EPSS 0.00212
Exploits: 2 | References: 1
Cvelist | added 2021/08/31 4:20 p.m. | 16 views

CVE-2021-39164 Improper authorisation of /members discloses room membership to non-members

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

CVSS 3.1 | AI score 4 | EPSS 0.00271
Exploits: 0 | References: 5
Patchstack | added 2020/12/09 12:0 a.m. | 17 views

WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability

Improper Authorisation Check vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...

CVSS 5.3 | AI score 2.9 | EPSS 0.00214
Exploits: 1 | References: 2 | Affected Software: 1