CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21035 matches found

CVE-2026-5228

Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...

8.8CVSS

Exploits0References1

NVD•added 3 hours ago•4 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS

Exploits0References6

Github Security Blog•added 4 hours ago•2 views

Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

6AI score

Exploits0References5Affected Software1

ATTACKERKB•added 5 hours ago•1 views

CVE-2026-5228

8.8CVSS5.8AI score

Exploits0References2Affected Software1

EUVD•added 5 hours ago•2 views

EUVD-2026-34283

8.8CVSS5.8AI score

Exploits0References1

Vulnrichment•added 5 hours ago•2 views

CVE-2026-5228 Improper Access Control in Kurt Software Studio's WriteUp Mobile App

8.8CVSS5.8AI score

Exploits0References1

Patchstack•added 10 hours ago•2 views

WordPress SP Project & Document Manager plugin <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure vulnerability

Missing Authorization to Unauthenticated Arbitrary File Information Disclosure vulnerability discovered by Namdn - Vncsglobal in WordPress Plugin SP Project & Document Manager versions = 4.71...

7.5CVSS5.8AI score

Exploits0References1Affected Software1

Cvelist•added 14 hours ago•7 views

CVE-2026-49190 Missing Per-Instruction Authorization Checks

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS

Exploits0References1

CVE•added 14 hours ago•8 views

CVE-2026-49190

Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the initial document or connected sources. Monitor for updates from official advisories.

9.4CVSS5.8AI score

Exploits0References1

Nuclei•added 16 hours ago•13 views

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

7.3CVSS6.9AI score0.04192EPSS

Exploits0References3

Nuclei•added 16 hours ago•9 views

LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

7.3CVSS5.8AI score0.01524EPSS

Exploits0References3

Nuclei•added 16 hours ago•7 views

WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization

WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. id: CVE-2024-30464 info: name: WPZOOM Socia...

8.8CVSS7.2AI score0.41698EPSS

Exploits0References1

Nuclei•added 16 hours ago•17 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS6.1AI score0.11691EPSS

Exploits1References3

Cvelist•added 18 hours ago•8 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS

Exploits0References4

Positive Technologies•added 19 hours ago•4 views

PT-2026-46261

8.8CVSS5.8AI score

Exploits0References2

CVE•added 2 days ago•6 views

CVE-2026-10616

CVE-2026-10616 affects nextlevelbuilder GoClaw up to 3.11.3. The vulnerability resides in TeamTasksTool.executeComplete (internal/tools/team_tasks_lifecycle.go), where a manipulation can lead to missing authorization. The issue can be exploited remotely and the exploit has been made publicly avai...

5.3CVSS5.5AI score0.0003EPSS

Exploits0References6

NVD•added 2 days ago•6 views

CVE-2026-49782

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

5.4CVSS0.00025EPSS

Exploits0References1

NVD•added 2 days ago•8 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS0.00036EPSS

Exploits0References1

Cvelist•added 2 days ago•34 views

CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

5.4CVSS0.00025EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2026-33933

5.4CVSS5.8AI score0.00025EPSS

Exploits0References1

Rows per page