Lucene search
K

21408 matches found

Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-4188

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...

5.4AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4048

Name of the Vulnerable Software and Affected Versions renatoatshown Shown Connector versions through 1.2.10 Description An authorization issue exists in renatoatshown Shown Connector shown-connector. The issue involves incorrectly configured access control security levels, potentially allowing...

5.3AI score0.00318EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.14 views

PT-2026-4245

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through 1.7.5...

5.4AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.8 views

PT-2026-4269

Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...

5.4AI score0.00202EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-4249

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...

5.4AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4059

Name of the Vulnerable Software and Affected Versions Onepay Payment Gateway For WooCommerce versions n/a through 1.1.2 Description The Onepay Payment Gateway For WooCommerce software contains a missing authorization issue. This allows exploitation due to incorrectly configured access control...

5.2AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4045

Name of the Vulnerable Software and Affected Versions e-plugins Lawyer Directory versions through 1.3.3 Description An authorization issue exists in e-plugins Lawyer Directory, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update e-plugins...

5.3AI score0.00325EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.8 views

PT-2026-4261

Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...

5.4AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.10 views

PT-2026-4253

Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through = 10.2.4...

5.4AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4075

Name of the Vulnerable Software and Affected Versions Easy Property Listings versions through 3.5.17 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation of the system...

5.2AI score0.00284EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/21 10:23 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

6CVSS5.7AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 10:23 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

6CVSS5.7AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 10:23 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

6CVSS5.7AI score0.00303EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/20 10:53 p.m.10 views

WordPress NotificationX plugin <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability

Missing Authorization to Authenticated Contributor+ Analytics Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin NotificationX versions = 3.1.11...

4.3CVSS5.5AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/20 10:52 p.m.12 views

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...

8.8CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/20 5:14 p.m.7 views

EUVD-2026-3318

Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion...

3.7CVSS5.3AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 2:26 p.m.3 views

CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.5AI score0.00264EPSS
Exploits0References3
CVE
CVE
added 2026/01/20 2:26 p.m.17 views

CVE-2026-0554

CVE-2026-0554 pertains to the NotificationX WordPress plugin (versions up to 3.1.11) and describes a missing capability check on the REST endpoints /wp-json/notificationx/v1/campaigns/{campaign_id}/regenerate and /wp-json/notificationx/v1/campaigns/{campaign_id}/reset. This allows authenticated u...

4.3CVSS5.5AI score0.00264EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 2:26 p.m.5 views

CVE-2025-15347 Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS5.7AI score0.00271EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : rh-postgresql12-postgresql-12.4-1.0.1.el7.AXS7 (AXSA:2020-947:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-947:01 advisory. postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 postgresql: Uncontrolled search path element in CREATE EXTENSION...

7.3CVSS7.5AI score0.02235EPSS
Exploits0References4
Rows per page
Query Builder