CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21319 matches found

Positive Technologies•added 2026/04/29 12:0 a.m.•1 views

PT-2026-35901

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through = 4.14.5...

5.3CVSS5.1AI score0.00191EPSS

Exploits0References1

Positive Technologies•added 2026/04/29 12:0 a.m.•5 views

PT-2026-35906

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

4.3CVSS5.1AI score0.00165EPSS

Exploits0References1

Snyk•added 2026/04/28 10:44 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to improper access control in the transfer process. An attacker can retrieve unauthorized zone contents by exploiting the incorrect selection of access control list stanzas when both parent and subzone rules ar...

8.7CVSS5.8AI score0.00388EPSS

Exploits1References2

NVD•added 2026/04/27 4:16 p.m.•7 views

CVE-2026-41464

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

7.1CVSS0.00304EPSS

Exploits0References4

CVE•added 2026/04/27 3:10 p.m.•11 views

CVE-2026-41464

ProjeQtor versions 7.0–12.4.3 expose a missing authorization vulnerability in objectDetail.php. Authenticated users with guest-level privileges can access data belonging to other users (including password hashes and API keys) by directly hitting the endpoint without ownership or RBAC validation, ...

7.1CVSS5.3AI score0.00304EPSS

Exploits0References4

Vulnrichment•added 2026/04/27 3:10 p.m.•2 views

CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php

7.1CVSS5.3AI score0.00304EPSS

Exploits0References4

EUVD•added 2026/04/27 3:10 p.m.•5 views

EUVD-2026-25867

7.1CVSS5.3AI score0.00304EPSS

Exploits0References4

Cvelist•added 2026/04/27 3:10 p.m.•27 views

CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php

7.1CVSS0.00304EPSS

Exploits0References4

CNNVD•added 2026/04/27 12:0 a.m.•5 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.9AI score0.00293EPSS

Exploits1References1

Snyk•added 2026/04/25 11:50 p.m.•3 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the policy enforcement process. An attacker can gain unauthorized access to restricted tools by leveraging bundled MCP or LSP tools that bypass configured tool...

5.4CVSS5.5AI score0.00706EPSS

Exploits0References2

Snyk•added 2026/04/24 4:17 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Team API endpoints due to improper authorization checks in the TeamController process. An attacker can gain unauthorized access to modify any team's membership, customer assignments, project assignments, and...

3.3CVSS5.8AI score0.00247EPSS

Exploits1References2

Github Security Blog•added 2026/04/24 4:17 p.m.•11 views

Kimai has Missing Object-Level Authorization in the Team API

Summary The Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the editteam permission to modify any team, not just teams they are...

3.3CVSS5.5AI score0.00247EPSS

Exploits1References4Affected Software1

CISA•added 2026/04/24 12:0 p.m.•8 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726link is external SimpleHelp Missing Authorization Vulnerability...

9.9CVSS5.4AI score0.91941EPSS

In wildExploits4References9

NVD•added 2026/04/24 6:16 a.m.•0 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS0.00323EPSS

Exploits0References6

Cvelist•added 2026/04/24 5:29 a.m.•26 views

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

5.3CVSS0.00323EPSS

Exploits0References6

EUVD•added 2026/04/24 5:29 a.m.•4 views

EUVD-2026-25398

5.3CVSS5.8AI score0.00323EPSS

Exploits0References6

NVD•added 2026/04/24 4:16 a.m.•6 views

CVE-2026-5488

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

5.3CVSS0.00258EPSS

Exploits0References8

Vulnrichment•added 2026/04/24 3:27 a.m.•3 views

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

5.3CVSS5.3AI score0.00258EPSS

Exploits0References8