CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5.4CVSS6.3AI score0.00075EPSS

Exploits0References1

Positive Technologies•added 2025/08/22 12:0 a.m.•2 views

PT-2025-34349 · Wpsoul · Greenshift

Name of the Vulnerable Software and Affected Versions: Greenshift versions through 12.1.1 Description: A missing authorization flaw exists in wpsoul Greenshift, allowing exploitation of incorrectly configured access control security levels. Recommendations: At the moment, there is no information...

4.3CVSS6.9AI score0.00055EPSS

Exploits0References4

Positive Technologies•added 2025/07/16 12:0 a.m.•3 views

PT-2025-29745 · Smtp2Go · Smtp2Go

Name of the Vulnerable Software and Affected Versions: SMTP2GO versions n/a through 1.12.1 Description: The SMTP2GO software contains a missing authorization flaw that allows exploiting incorrectly configured access control security levels. Recommendations: At the moment, there is no information...

4.3CVSS6.1AI score0.00168EPSS

Exploits0References3

Positive Technologies•added 2025/07/08 12:0 a.m.•1 views

PT-2025-28292 · Sap Se · Sap Netweaver/Abap Platform

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a missing authorization check, allowing an attacker authenticated as a non-administrative user to call a remote-enabled function module. This could enable access to...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References4

Positive Technologies•added 2025/07/07 12:0 a.m.•1 views

PT-2025-28247 · Mediawiki · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - AbuseFilter Extension versions 1.39.0 through 1.39.12 Mediawiki - AbuseFilter Extension versions 1.42.0 through 1.42.6 Mediawiki - AbuseFilter Extension versions 1.43.0 through 1.43.1 Description: The issue is related to a Missing...

9.1CVSS6.3AI score0.00307EPSS

Exploits0References4

Cvelist•added 2025/06/27 1:21 p.m.•8 views

CVE-2025-53284 WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through = 1.1...

6.5CVSS0.00188EPSS

Exploits0References1

CVE•added 2025/06/20 3:4 p.m.•12 views

CVE-2025-49993

CVE-2025-49993 covers a Missing Authorization vulnerability in the WordPress Cookie-Script.com plugin (versions ≤ 1.2.1). Attack surface is the plugin’s access control configuration, described as “Broken/Incorrectly Configured Access Control,” enabling exploitation of insufficient authorization c...

5.3CVSS5.9AI score0.00229EPSS

Exploits0References1

Positive Technologies•added 2025/06/20 12:0 a.m.•1 views

PT-2025-26358 · Unknown · Contentstudio

Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and...

5.3CVSS6AI score0.00229EPSS

Exploits0References4

Positive Technologies•added 2025/06/09 12:0 a.m.•2 views

PT-2025-24521 · Unknown · Cryptocloud - Crypto Payment Gateway

Name of the Vulnerable Software and Affected Versions: CryptoCloud - Crypto Payment Gateway versions n/a through 2.1.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

6.5CVSS6.3AI score0.00298EPSS

Exploits0References4

Positive Technologies•added 2025/06/09 12:0 a.m.•1 views

PT-2025-24545 · Lablup · Lablup'S Backendai

Name of the Vulnerable Software and Affected Versions: Lablup's BackendAI affected versions not specified Description: The issue is related to missing authorization in Lablup's BackendAI, allowing attackers to take over all active sessions. This enables them to access, steal, or alter any data...

8.1CVSS5.9AI score0.00261EPSS

Exploits0References8

Positive Technologies•added 2025/06/06 12:0 a.m.•1 views

PT-2025-24156 · Wordapp · Wordapp

Name of the Vulnerable Software and Affected Versions: Wordapp versions 1.7.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in Wordapp Team Wordapp, which allows exploiting incorrectly configured access control security levels. Recommendations: For version...

4.3CVSS4.3AI score0.0016EPSS

Exploits0References3

Vulnrichment•added 2025/05/23 12:43 p.m.•7 views

CVE-2025-47690 WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...

8.8CVSS7.2AI score0.00254EPSS

Exploits0References1