Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21409 matches found

OSV
OSVadded 2026/05/13 11:45 a.m.2 views

MINI-36MX-MR33-3QW2

Bulletin has no description...

7.5CVSS5.7AI score0.00022EPSS
Exploits0
OSV
OSVadded 2026/05/13 11:45 a.m.5 views

MINI-2MMQ-FJCJ-R4FM

Bulletin has no description...

9.1CVSS5.7AI score0.00016EPSS
Exploits1
OSV
OSVadded 2026/05/13 11:0 a.m.1 views

MINI-H2M2-59Q3-4786

Bulletin has no description...

9.1CVSS5.7AI score0.00016EPSS
Exploits1
NVD
NVDadded 2026/05/13 6:16 a.m.5 views

CVE-2026-6965

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS0.00081EPSS
Exploits0References53
ATTACKERKB
ATTACKERKBadded 2026/05/13 5:29 a.m.5 views

CVE-2026-6965

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00081EPSS
Exploits0References54
EUVD
EUVDadded 2026/05/13 5:29 a.m.11 views

EUVD-2026-29914

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00081EPSS
Exploits0References53
Vulnrichment
Vulnrichmentadded 2026/05/13 5:29 a.m.6 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00081EPSS
Exploits0References53
NVD
NVDadded 2026/05/13 5:16 a.m.5 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS0.00044EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/13 3:35 a.m.4 views

SUSE CVE-2026-43301

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pmruntimeputsync with pmruntimedontuseautosuspend in the remove path to properly pair with pmruntimeuseautosuspend from probe. This allows pmruntimedisable t...

5.7AI score0.00013EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/13 3:34 a.m.3 views

SUSE CVE-2026-43375

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

5.8AI score0.00013EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/13 3:34 a.m.5 views

SUSE CVE-2026-43396

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...

5.8AI score0.00013EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/13 3:34 a.m.6 views

SUSE CVE-2026-43399

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...

5.8AI score0.00013EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/13 3:26 a.m.4 views

EUVD-2025-209816

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS5.8AI score0.00044EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/13 3:26 a.m.30 views

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS0.00044EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/13 3:26 a.m.4 views

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS5.8AI score0.00044EPSS
Exploits0References3
CVE
CVEadded 2026/05/13 3:26 a.m.8 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress (

5.3CVSS5.8AI score0.00044EPSS
Exploits0References3
Oracle linux
Oracle linuxadded 2026/05/13 12:0 a.m.13 views

kernel security update

5.14.0-611.55.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

8.8CVSS6AI score0.38453EPSS
Exploits29
Oracle linux
Oracle linuxadded 2026/05/13 12:0 a.m.8 views

kernel security update

4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

8.8CVSS6AI score0.38453EPSS
Exploits29
Positive Technologies
Positive Technologiesadded 2026/05/13 12:0 a.m.8 views

PT-2026-40580

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...

5.3CVSS5.7AI score0.00081EPSS
Exploits0References53
Grafana
Grafanaadded 2026/05/13 12:0 a.m.4 views

IDOR in Annotations API allows unprivileged users to DELETE annotation

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00013EPSS
Exploits0
Rows per page
Query Builder