Lucene search
K

4789 matches found

Veracode
Veracode
added 2026/05/15 9:28 p.m.48 views

Information Disclosure

Zabbix is vulnerable to an information disclosure. The vulnerability is due to the reuse of JavaScript Duktape contexts in Zabbix Server/Proxy, which allows a regular non-super administrator to leak sensitive data from hosts they are not authorized to access through shared global JavaScript...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.38 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 7:46 a.m.21 views

EUVD-2026-30515

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 7:16 a.m.25 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 6:45 a.m.22 views

EUVD-2026-30507

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.7AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:45 a.m.52 views

CVE-2026-4094 FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/05/15 6:45 a.m.18 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce WordPress plugin (versions up to and including 1.4.5) is affected by an unauthorized data-loss vulnerability due to a missing capability check on the admin_head function, enabling authenticated attackers with Contributor-level access (and s...

8.1CVSS5.7AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/05/15 2:45 a.m.15 views

CVE-2025-54511

CVE-2025-54511 affects the AMD Secure Processor (ASP). The AMD bulletin and NVD entry state that improper handling of insufficient privileges could allow an attacker to provide an input value to a function without sufficient privileges and write data, potentially impacting integrity and availabil...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.14 views

PT-2026-41268

Name of the Vulnerable Software and Affected Versions FOX – Currency Switcher Professional for WooCommerce versions prior to 1.4.6 Description The plugin is susceptible to unauthorized data loss because the admin head function lacks a proper capability check. Authenticated users with...

8.1CVSS5.8AI score0.00273EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2026/05/14 5:1 p.m.20 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 5:1 p.m.34 views

CVE-2026-44283

CVE-2026-44283 affects etcd, a distributed key-value store. The issue: in nested transaction operations, read access via PrevKv or lease attachment in Put requests can bypass RBAC authorization checks. This could allow an authenticated user with limited read or lease permissions to access data th...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/14 6:16 a.m.10 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 5:30 a.m.9 views

EUVD-2026-30228

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41199

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description The API endpoint '/api/v1/notes/note id' lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating note id UUIDs. This...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:20 p.m.7 views

CVE-2026-44448

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/13 1:16 p.m.9 views

CVE-2026-3426

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savewidget and resetallwidgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-lev...

4.3CVSS0.00288EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.14 views

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

6.5CVSS6AI score0.00386EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/12 3:31 a.m.13 views

EUVD-2026-29362

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.20 views

CVE-2026-40132

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.33 views

CVE-2026-31241

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

0.00386EPSS
Exploits0References2
Rows per page
Query Builder