Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21395 matches found

NVD
NVDadded 2026/02/06 9:15 a.m.12 views

CVE-2026-1499

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the processaddsite AJAX action combined with path traversal in the file upload functionality. This...

8.8CVSS0.0094EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/02/06 8:25 a.m.4 views

CVE-2026-1499

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the processaddsite AJAX action combined with path traversal in the file upload functionality. This...

9.8CVSS6.2AI score0.0094EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/02/06 6:46 a.m.3 views

CVE-2026-1401 Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/02/06 6:46 a.m.25 views

CVE-2025-10753 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' opti...

5.3CVSS0.00334EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/02/06 1:25 a.m.6 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.6AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/02/05 1:22 p.m.6 views

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

6.5CVSS6AI score0.00274EPSS
Exploits2References1
NVD
NVDadded 2026/02/05 10:16 a.m.8 views

CVE-2026-1294

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

7.2CVSS0.00293EPSS
Exploits0References3
NVD
NVDadded 2026/02/05 10:16 a.m.4 views

CVE-2025-14079

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3CVSS0.00268EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/05 9:13 a.m.5 views

CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References3
CVE
CVEadded 2026/02/05 9:13 a.m.19 views

CVE-2025-14079

CVE-2025-14079 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress, up to version 3.3.5. The root cause is missing capability checks on eh_crm_ticket_general combined with a shared nonce exposed to low-privilege users, allowing authenticated attackers with Subscri...

5.3CVSS5.3AI score0.00268EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/05 9:13 a.m.24 views

CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3CVSS0.00268EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/05 9:13 a.m.5 views

CVE-2025-14079

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References4
EUVD
EUVDadded 2026/02/05 9:13 a.m.4 views

EUVD-2025-206869

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References3
CVE
CVEadded 2026/02/05 8:25 a.m.23 views

CVE-2025-13416

The CVE-2025-13416 relates to the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected versions are all up to and including 5.9.7.2. Root cause: missing capability check in the pm_deactivate_user_from_group() function, enabling authenticated users with Subscriber-level a...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References4
OSV
OSVadded 2026/02/05 1:15 a.m.4 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

4.3CVSS4.9AI score
Exploits0References6
Snyk
Snykadded 2026/02/05 12:38 a.m.3 views

Missing Authorization

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authorization via the WebSocket. An attacker can overwrite arbitrary device tags or disable communication drivers by sending crafted WebSocket message...

9.3CVSS5.7AI score0.00479EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/02/05 12:2 a.m.5 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.9AI score0.003EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.7 views

PT-2026-6076

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A flaw exists in WeKan related to missing authorization within the Position-History Tracking component, specifically in the file server/methods/positionHistory.js. This issue allows for remote...

5.3CVSS5.4AI score0.003EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.8 views

PT-2026-5878

Name of the Vulnerable Software and Affected Versions ELEX WordPress HelpDesk & Customer Ticketing System versions through 3.3.5 Description The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to a missing authorization issue. This is caused by a lack of...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References8
Patchstack
Patchstackadded 2026/02/04 10:50 p.m.8 views

WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability

WordPress ProfileGrid - User Profiles, Groups and Communities plugin = 5.9.7.2 - Missing Authorization to Authenticated Subscriber+ Arbitrary User Suspension vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ProfileGrid versions = 5.9.7.2...

4.3CVSS5.4AI score0.00282EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder