Export limit exceeded: 10558 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10558 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45285 | 2026-04-15 | 5.4 Medium | ||
| The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. | ||||
| CVE-2024-45284 | 2026-04-15 | 2.4 Low | ||
| An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. | ||||
| CVE-2023-36512 | 2 Woo, Wordpress | 2 Automatewoo, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5. | ||||
| CVE-2025-42987 | 2026-04-15 | 4.3 Medium | ||
| SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application. | ||||
| CVE-2024-33941 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | ||||
| CVE-2025-42953 | 1 Sap | 1 Netweaver | 2026-04-15 | 8.1 High |
| SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. | ||||
| CVE-2024-33942 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2. | ||||
| CVE-2024-33956 | 2 Themelocation, Wordpress | 2 Custom Woocommerce Checkout Fields Editor, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. | ||||
| CVE-2025-68087 | 2 Merkulove, Wordpress | 2 Modalier For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Elementor: from n/a through <= 1.0.6. | ||||
| CVE-2025-42952 | 2026-04-15 | 7.7 High | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted. | ||||
| CVE-2024-35187 | 2026-04-15 | 9.1 Critical | ||
| Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remains protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn't want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue. | ||||
| CVE-2025-42915 | 1 Sap | 1 Fiori | 2026-04-15 | 5.4 Medium |
| Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2025-42914 | 1 Sap | 1 Fiori | 2026-04-15 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-42913 | 1 Sap | 1 Fiori | 2026-04-15 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-59449 | 1 Yosmart | 1 Yolink Mqtt Broker | 2026-04-15 | 4.9 Medium |
| The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacker can exploit this to gain full control over any other YoLink user's devices. | ||||
| CVE-2025-66079 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0. | ||||
| CVE-2025-41249 | 1 Vmware | 1 Spring Framework | 2026-04-15 | 7.5 High |
| The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 https://spring.io/security/cve-2025-41248 . | ||||
| CVE-2024-37427 | 1 Arraytics | 1 Timetics | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. | ||||
| CVE-2025-66099 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3. | ||||
| CVE-2024-37439 | 1 Uncannyowl | 1 Uncanny Toolkit Pro For Learndash | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0 | ||||