Lucene search

9 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-20801

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 8.4 · EPSS 0.00016
Exploits 0 · References 8

CNVD
added 2025/09/16 12:0 a.m. · 5 views

RuoYi License Issue Vulnerability

RuoYi is a backend management system by the individual developer RuoYi in China. RuoYi 4.8.1 and earlier versions have an authorization vulnerability, which stems from the parameters roleId and userIds in the file /system/role/authUser/cancelAll, where there is improper...

CVSS 5.5 · AI score 5.5 · EPSS 0.00062
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:38 a.m. · 6 views

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

CVSS 8.8 · AI score 7.2 · EPSS 0.70006
Exploits 3 · References 1

RedhatCVE
added 2025/05/22 10:48 p.m. · 2 views

CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...

CVSS 5.4 · AI score 5.9 · EPSS 0.0007
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 8:10 a.m. · 3 views

CVE-2019-19989

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other types of files, are reachable by any user without checking for user identity and authorization...

CVSS 7.5 · AI score 7.1 · EPSS 0.00425
Exploits 1 · References 1

RedhatCVE
added 2025/04/12 2:51 p.m. · 25 views

CVE-2025-0362

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

CVSS 6.5 · AI score 6.4 · EPSS 0.00052
Exploits 0 · References 1

Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-14264 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multistore Locator versions n/a through 2.5.2

Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including data modification or...

CVSS 4.3 · AI score 6.4 · EPSS 0.00287
Exploits 0 · References 4

CVE
added 2025/02/17 2:1 p.m. · 69 views

CVE-2025-1391

CVE-2025-1391 : The issue is an improper authorization in the Keycloak organization mapper, where a user can be misrepresented as belonging to an organization in tokens if their username or email matches the organization’s domain pattern. The flaw is confined to token claims and does not imply tr...

CVSS 5.4 · AI score 6.7 · EPSS 0.0009
Exploits 0 · References 6

Positive Technologies
added 2023/02/03 12:0 a.m. · 2 views

PT-2023-14161 · Wepa · Wepa Print Away

Name of the Vulnerable Software and Affected Versions: WEPA Print Away affected versions not specified

Description: The issue arises from the lack of verification of user authorization to access documents before generating print orders and associated release codes. This could allow an attacker to...

CVSS 6.5 · AI score 5.3 · EPSS 0.00198
Exploits 0 · References 4