Lucene search
+L

173 matches found

NVD
NVD
added 2026/04/16 7:16 a.m.8 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS0.00322EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.5 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References10
NVD
NVD
added 2026/04/14 12:16 a.m.4 views

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:7 a.m.3 views

EUVD-2026-22148

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

SAP ERP和SAP S/4HANA 安全漏洞

SAP ERP and SAP S/4HANA are both products of the German company SAP. SAP ERP is a suite of software used for ERP management. SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system. There are security vulnerabilities in SAP ERP and SAP S/4HANA...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

Unspecified Vulnerability in WordPress Plugin Listeo Core

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...

5.3CVSS5.5AI score0.00304EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/23 10:25 p.m.34 views

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS0.00289EPSS
Exploits0References5
Veracode
Veracode
added 2026/03/20 1:13 p.m.7 views

Improper Access Control

OneUptime is vulnerable to Improper Access Control. The vulnerability is due to missing authorization checks on account creation APIs, which allows a low-privileged user to create new accounts via direct API requests...

8.8CVSS5.8AI score0.00275EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 12:0 a.m.2 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.8AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may allow authenticated...

5CVSS5.8AI score0.0023EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:54 p.m.3 views

CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.3CVSS5.9AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/25 6:43 p.m.20 views

CVE-2026-25927 OpenEMR Missing Authorization Checks in DICOM Viewer State API

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API e.g. upload or state save/load accepts a document ID docid without verifying that the document belongs to the current user’s authorized patie...

7.1CVSS0.00204EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 7:25 a.m.6 views

CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/10 3:4 a.m.2 views

CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...

7.7CVSS5.4AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 3:2 a.m.4 views

CVE-2026-23688 Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 3:0 a.m.3 views

CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...

5CVSS5.5AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Fortinet FortiAuthenticator 安全漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...

7.2CVSS5.8AI score0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

SAP Fiori app 安全漏洞

The SAP Fiori App is a corporate application developed by the German company SAP. The SAP Fiori App has a security vulnerability, which stems from failing to perform necessary authorization checks on authenticated users, potentially leading to privilege escalation...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

SAP Strategic Enterprise Management 安全漏洞

SAP Strategic Enterprise Management is a corporate strategic management software developed by the German company SAP. There is a security vulnerability in SAP Strategic Enterprise Management, which stems from the lack of authorization checks, potentially allowing unauthorized access to informatio...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 6:46 a.m.32 views

CVE-2025-10753 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' opti...

5.3CVSS0.00334EPSS
Exploits0References3
Rows per page
Query Builder