Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

704 matches found

CNNVD
CNNVDadded 6 days ago2 views

WordPress plugin Soledad 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:27 p.m.7 views

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:18 p.m.8 views

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

9.9CVSS6.2AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/06/02 12:0 a.m.2 views

WordPress plugin Printeers Print & Ship 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.5CVSS5.5AI score0.00299EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/01 9:49 p.m.9 views

CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/06/01 9:45 p.m.6 views

CVE-2026-24753

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/06/01 12:0 a.m.5 views

WordPress plugin Hydra Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.3CVSS5.5AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/28 8:13 p.m.8 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/27 12:0 a.m.5 views

WordPress plugin Adminimize 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 8:16 a.m.8 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS0.00348EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/26 6:45 a.m.8 views

EUVD-2026-31799

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/19 12:0 a.m.9 views

WordPress plugin Presto Player 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/18 6:50 a.m.7 views

CVE-2026-28759 Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
NVD
NVDadded 2026/05/15 7:17 p.m.10 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/15 6:36 p.m.30 views

CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/15 6:36 p.m.5 views

EUVD-2026-30592

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/15 6:36 p.m.5 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/15 12:0 a.m.7 views

PT-2026-41356

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
NVD
NVDadded 2026/05/12 3:16 a.m.8 views

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS0.00198EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/05/12 12:0 a.m.3 views

WordPress plugin Asset CleanUp: Page Speed Booster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Rows per page
Query Builder