Search Results (8578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31421 1 Supsystic 1 Popup 2026-04-23 4.3 Medium
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
CVE-2024-31281 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 6.3 Medium
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.
CVE-2024-31246 1 Wpxpo 1 Postx 2026-04-23 5.4 Medium
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3.
CVE-2024-30534 1 Typps 1 Calendarista 2026-04-23 6.5 Medium
Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through <= 3.0.5.
CVE-2024-30529 1 Tainacan 1 Tainacan 2026-04-23 5.3 Medium
Missing Authorization vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.7.
CVE-2024-30505 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.
CVE-2024-27950 1 Sirv 1 Sirv 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.
CVE-2024-24833 1 Leevio 1 Happy Addons For Elementor 2026-04-23 4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1.
CVE-2023-50904 2 Ays-pro, Poll Maker Team 2 Poll Maker, Poll Maker 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0.
CVE-2023-49857 2 Awesomesupport, Getawesomesupport 2 Awesome Support Wordpress Helpdesk \& Support, Awesome Support 2026-04-23 6.5 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.
CVE-2023-49831 1 Metagauss 1 Registrationmagic 2026-04-23 7.5 High
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.
CVE-2023-49757 1 Getawesomesupport 1 Awesome Support 2026-04-23 5.4 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.
CVE-2023-48324 1 Getawesomesupport 1 Awesome Support 2026-04-23 5.4 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.
CVE-2023-47807 1 10web 1 10webanalytics 2026-04-23 4.3 Medium
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through <= 1.2.12.
CVE-2023-45766 1 Ays-pro 1 Poll Maker 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
CVE-2023-45765 1 Wedevs 1 Wp Erp 2026-04-23 4.3 Medium
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
CVE-2026-5756 1 Data Recognition Corporation 1 Central Office Services - Content Hosting Component 2026-04-23 7.5 High
Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.
CVE-2026-25058 2 Vexa, Vexa-ai 2 Vexa, Vexa 2026-04-23 7.5 High
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or authorization checks. An unauthenticated attacker can enumerate all meeting IDs, access any user's meeting transcripts without credentials, and steal confidential business conversations, passwords, and/or PII. Version 0.10.0-260419-1910 patches the issue.
CVE-2026-35033 1 Jellyfin 1 Jellyfin 2026-04-23 9.1 Critical
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
CVE-2026-6235 2 Sendmachine, Wordpress 2 Sendmachine For Wordpress, Wordpress 2026-04-23 9.8 Critical
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the plugin's SMTP configuration, which can be leveraged to intercept all outbound emails from the site (including password reset emails).