Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (8634 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68920 2026-04-15 8.9 High
C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.
CVE-2025-66140 2 Merkulove, Wordpress 2 Uper For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2024-43143 2026-04-15 6.4 Medium
Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.
CVE-2025-68947 1 Nsecsoft 1 Nscknl 2026-04-15 4.7 Medium
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.
CVE-2024-6071 2026-04-15 10 Critical
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.
CVE-2024-36246 1 Yokogawa Rental Lease Corporation 2 Unifier, Unifier Cast 2026-04-15 9.8 Critical
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVE-2025-68050 2 Leadpages, Wordpress 2 Leadpages, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.
CVE-2025-10212 2 Sitealert, Wordpress 2 Sitealert, Wordpress 2026-04-15 5.3 Medium
The SiteAlert (Formerly WP Health) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, including a list of installed and outdated plugins, PHP and Database version, etc.
CVE-2024-37276 1 Fifu 1 Featured Image From Url 2026-04-15 5.3 Medium
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
CVE-2024-43256 2026-04-15 7.1 High
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
CVE-2025-69185 1 Wordpress 1 Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-69184 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2024-43212 1 Magepeople 1 Wptravelly 2026-04-15 7.5 High
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
CVE-2024-43215 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.
CVE-2024-43209 1 Bitly 1 Bitly 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
CVE-2024-43157 2 Ncrafts, Wordpress 2 Formcraft, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.
CVE-2024-35683 2 Teplitsa Of Social Technologies, Wordpress 2 Leyka, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.
CVE-2024-12341 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.
CVE-2024-43119 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.
CVE-2025-64171 1 Marin3r 1 Marin3r 2026-04-15 6.5 Medium
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4.