CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

NVD•added 2026/05/14 5:16 a.m.•10 views

CVE-2026-7525

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.00341EPSS

Exploits0References12

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-40850

4.3CVSS5.8AI score0.00341EPSS

Exploits0References13

OSV•added 2026/04/20 6:31 a.m.•4 views

GHSA-F3Q6-69F3-VWCH FastChat has a Content Moderation Bypass via Arena Side-by-Side Views

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.7AI score0.00308EPSS

Exploits0References7

RedhatCVE•added 2026/04/01 11:1 p.m.•2 views

CVE-2026-34738

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS6AI score0.00238EPSS

Exploits1References1

EUVD•added 2026/04/01 9:7 p.m.•5 views

EUVD-2026-17656

AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter...

4.3CVSS5.8AI score0.00238EPSS

Exploits1References3

Github Security Blog•added 2026/04/01 9:7 p.m.•5 views

AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...

4.3CVSS6.1AI score0.00238EPSS

Exploits1References4Affected Software1

OSV•added 2026/04/01 9:7 p.m.•3 views

GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

4.3CVSS6.1AI score0.00238EPSS

Exploits1References4

NVD•added 2026/03/31 9:16 p.m.•1 views

CVE-2026-34738

4.3CVSS0.00238EPSS

Exploits1References1

Cvelist•added 2026/03/31 8:55 p.m.•19 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

4.3CVSS0.00238EPSS

Exploits1References1

CVE•added 2026/03/31 8:55 p.m.•4 views

CVE-2026-34738

CVE-2026-34738 affects WWBN AVideo (

4.3CVSS5.9AI score0.00238EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/31 8:55 p.m.•2 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

4.3CVSS5.9AI score0.00238EPSS

Exploits1References1

OSV•added 2026/03/31 8:55 p.m.•3 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

4.3CVSS6AI score0.00238EPSS

Exploits1References3

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29365

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.0 Description AVideo is an open source video platform. Versions 26.0 and earlier allow any uploader to set a video’s status to any valid state, including "active", through the overrideStatus request parameter. This...

4.3CVSS5.9AI score0.00238EPSS

Exploits1References4

CNNVD•added 2026/03/31 12:0 a.m.•5 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the lack of permission verification for the overrideStatus parameter in the video processing...

4.3CVSS5.8AI score0.00238EPSS

Exploits1References2

ATTACKERKB•added 2026/03/23 11:58 p.m.•4 views

CVE-2026-33290

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS5.8AI score0.00177EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/23 11:58 p.m.•7 views

CVE-2026-33290

WPGraphQL (WordPress) before 2.10.0 has an authorization flaw in updateComment that lets authenticated low-privileged users (including roles with zero capabilities) alter their own comment’s moderation status (e.g., APPROVE) without moderate_comments permission. Details from the CVE show owner-ba...

4.3CVSS5.8AI score0.00177EPSS

Exploits0References2

OSV•added 2026/03/23 11:58 p.m.•6 views

CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission

4.3CVSS5.9AI score0.00177EPSS

Exploits0References4

Positive Technologies•added 2026/03/23 12:0 a.m.•5 views

PT-2026-27271

4.3CVSS5.8AI score0.00177EPSS

Exploits0References3

EUVD•added 2026/03/01 12:30 a.m.•4 views

EUVD-2026-9103

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

5.3CVSS6AI score0.00268EPSS

Exploits0References4

NVD•added 2026/02/28 10:16 p.m.•4 views

CVE-2026-28554

5.3CVSS0.00268EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by