Lucene search
K

2817 matches found

EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-43570

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...

8.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-59523

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-61968

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57778

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57779

Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57418

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS0.0034EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57408

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 4.0.2...

6.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-57395

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.0034EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57392

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57797 WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...

4.3CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57412 WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago3 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS5.9AI score0.0044EPSS
Exploits0References8
EUVD
EUVD
added last week5 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:33 a.m.9 views

CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Rows per page
Query Builder