CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

21388 matches found

RedhatCVE•added 2026/02/21 7:30 p.m.•3 views

CVE-2025-68023

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

6.5CVSS5.1AI score0.00323EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•4 views

CVE-2025-68021

Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through = 269.9...

6.5CVSS5.8AI score0.00323EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•3 views

CVE-2025-53217

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through = 2.0.2...

7.6CVSS5.5AI score0.00204EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•6 views

CVE-2026-24944

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through = 10.44...

6.5CVSS5.5AI score0.0017EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•4 views

CVE-2026-22351

Missing Authorization vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through = 1.6...

7.5CVSS5.5AI score0.00287EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•8 views

CVE-2026-24946

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.8.0...

6.5CVSS5.5AI score0.00199EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•5 views

CVE-2026-24941

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...

7.5CVSS5.6AI score0.00248EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•5 views

CVE-2024-43228

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

5.3CVSS5.5AI score0.00243EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•4 views

CVE-2024-34438

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.19...

5.3CVSS5.5AI score0.00255EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:29 p.m.•2 views

CVE-2024-54222

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through = 2.22.15...

4.3CVSS5.5AI score0.00273EPSS

Exploits0References1

CVE•added 2026/02/21 9:27 a.m.•14 views

CVE-2025-14339

The weMail WordPress plugin (versions up to 2.0.7) is vulnerable to unauthorized deletion of all forms. The root cause is Forms::permission() only validating the X-WP-Nonce header without checking user capabilities, and the REST nonce is exposed to unauthenticated visitors via the weMail JavaScri...

6.5CVSS5.5AI score0.00262EPSS

Exploits0References5

RedhatCVE•added 2026/02/21 7:26 a.m.•5 views

CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5CVSS6.1AI score0.00253EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:31 a.m.•8 views

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

4.3CVSS5.9AI score0.002EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:31 a.m.•9 views

CVE-2026-27387

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through = 3.6.26...

5.4CVSS5.9AI score0.00233EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:31 a.m.•7 views

CVE-2026-27328

Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through = 2.0.7...

5.3CVSS5.4AI score0.00242EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:28 a.m.•6 views

CVE-2025-30416

Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39938, Acronis Cyber Protect 15 Linux, Windows before build 41800...

10CVSS8.5AI score0.00438EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 9:17 p.m.•4 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3CVSS5.5AI score0.00175EPSS

Exploits0References2

Cvelist•added 2026/02/20 9:17 p.m.•27 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3CVSS0.00175EPSS

Exploits0References2

NVD•added 2026/02/20 4:22 p.m.•14 views

CVE-2026-24946

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.8.0...

6.5CVSS0.00199EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•9 views

CVE-2026-24941

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...

7.5CVSS0.00248EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by