
8 matches found

CVE
added 2026/05/20 2:27 a.m., 14 views

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

CVSS 5.3, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 2

Cvelist
added 2026/04/24 11:2 a.m., 23 views

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

CVSS 8.8, EPSS 0.00457
Exploits: 0, References: 2

EUVD
added 2026/04/07 6:31 p.m., 7 views

EUVD-2026-19767

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

AI score 5.9, EPSS 0.00577
Exploits: 1, References: 2

ATTACKERKB
added 2026/04/07 12:0 a.m., 2 views

CVE-2026-31271

megagao productionssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert...

AI score 5.9, EPSS 0.00554
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/27 7:38 p.m., 4 views

CVE-2026-27793

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...

CVSS 9.8, AI score 5.9, EPSS 0.00506
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2025/12/21 3:15 a.m., 4 views

CVE-2025-14043

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the create_item_permissions_check function unconditionally returning true, which bypasses authentication and...

CVSS 5.3, EPSS 0.00301
Exploits: 0, References: 3

Positive Technologies
added 2025/12/13 12:0 a.m., 3 views

PT-2025-51066

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

CVSS 5.3, AI score 6.1, EPSS 0.00227
Exploits: 0, References: 3

Prion
added 2020/02/17 3:15 a.m., 14 views

Input validation

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

CVSS 5, AI score 7.7, EPSS 0.00911
Exploits: 1, References: 1, Affected Software: 5