Lucene search
+L

5799 matches found

nuclei
nuclei
added yesterday28 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7AI score0.02801EPSS
Exploits2References5
cve
cve
added 2 days ago8 views

CVE-2026-48321

Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates.

10CVSS6.1AI score0.00239EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2 days ago6 views

CVE-2026-58540

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00284EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-58277

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00757EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-54121

Improper authorization in Active Directory Certificate Services AD CS allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00802EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-50346

Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00284EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-50344

Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00284EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago30 views

CVE-2026-15058

Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...

0.00142EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-15058

The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...

3.1CVSS6.1AI score0.00142EPSS
Exploits0References1
nvd
nvd
added 2 days ago7 views

CVE-2026-58631

Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally...

7.8CVSS0.00295EPSS
Exploits0References1
cve
cve
added 2 days ago15 views

CVE-2026-58631

CVE-2026-58631 involves Windows Admin Center where improper authorization allows an authorized attacker to execute code locally. The available sources describe a local attack vector with high impact (C:H/I:H/A:H) and a CVSS v3.1 base score of 7.8, indicating remote code execution risk within the ...

7.8CVSS6.1AI score0.00295EPSS
Exploits0References1
mscve
mscve
added 2 days ago4 views

Windows OLE Elevation of Privilege Vulnerability

Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00284EPSS
Exploits0
mscve
mscve
added 2 days ago4 views

Netlogon RPC Elevation of Privilege Vulnerability

Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00284EPSS
Exploits0
nuclei
nuclei
added 2 days ago162 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9CVSS6.2AI score0.28802EPSS
Exploits1References2
nuclei
nuclei
added 2 days ago43 views

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS7.1AI score0.78395EPSS
Exploits0References4
nuclei
nuclei
added 2 days ago23 views

ProjectSend <= r1605 - Improper Authorization

An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...

9.8CVSS7.4AI score0.91559EPSS
Exploits4References3
ptsecurity
ptsecurity
added 2 days ago4 views

PT-2026-58653

Name of the Vulnerable Software and Affected Versions Windows Installer affected versions not specified Description Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally, which can lead to an elevation-of-privilege impact on the system...

7.8CVSS6.1AI score0.00284EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58639

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper authorization allows an authorized attacker to elevate privileges over a network, enabling them to affect the system. Recommendations At the moment, there is no...

8.8CVSS7AI score0.00757EPSS
Exploits0References4
attackerkb
attackerkb
added 3 days ago4 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
nvd
nvd
added 3 days ago7 views

CVE-2026-15594

A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from...

6.3CVSS0.00298EPSS
Exploits0References6
Rows per page
Query Builder