Lucene search
K

21748 matches found

ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2026-59255

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score
Exploits0References5
CVE
CVE
added 11 hours ago7 views

CVE-2026-46459

ICU Scandinavia Boomerang is affected by a missing authentication vulnerability in its device receiver endpoints. An unauthenticated remote attacker can read full facility configurations and write unauthorized data to the sensor database. The issue is mitigated by upgrading to version 2.4.18.029....

5.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago8 views

CVE-2026-46459 Missing Authorization in ICU Scandinavia Boomerang

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 13 hours ago6 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-44608

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 13 hours ago11 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago32 views

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

7.3CVSS6.8AI score0.01084EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago61 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS6.2AI score0.03764EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago17 views

PublishPress Capabilities < 2.3.1 - Missing Authorization

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...

9.8CVSS7.1AI score0.06745EPSS
Exploits2References4
Nuclei
Nuclei
added 19 hours ago15 views

LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

7.3CVSS6.1AI score0.00588EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago41 views

WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization

WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. id: CVE-2024-30464 info: name: WPZOOM Socia...

8.8CVSS7AI score0.01517EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-15752

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS
Exploits0References7
NVD
NVD
added yesterday3 views

CVE-2026-55052

Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58279

CVE-2026-58279 affects Azure CycleCloud. The issue is missing authorization that could allow an authorized attacker to elevate privileges over a network, with integrity impact high and CVSS v3.1 base score 6.5. The attack vector is network; privileges required are low and user interaction is none...

6.5CVSS6.1AI score
Exploits0References1
NCSC
NCSC
added yesterday4 views

Vulnerabilities in SAP-products

SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...

9.9CVSS7.1AI score0.01339EPSS
Exploits7
NVD
NVD
added yesterday6 views

CVE-2026-11802

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS0.00311EPSS
Exploits0References8
EUVD
EUVD
added yesterday5 views

EUVD-2026-43610

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS6AI score0.00311EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday30 views

CVE-2026-11802 FoodBook Lite <= 1.5.6 - Missing Authorization to Unauthenticated User Registration via 'registration_action' AJAX Action

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS0.00311EPSS
Exploits0References8
EUVD
EUVD
added yesterday4 views

EUVD-2026-43575

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score0.00283EPSS
Exploits0References5
Rows per page
Query Builder