Export limit exceeded: 10561 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69297 | 2 Ghostpool, Wordpress | 2 Aardvark Plugin, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. | ||||
| CVE-2025-69331 | 2 Jeroen Schmit, Wordpress | 2 Theater For Wordpress, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19. | ||||
| CVE-2024-51417 | 2026-04-15 | 6.4 Medium | ||
| An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields. | ||||
| CVE-2024-51426 | 1 Ethereum | 1 Ethereum | 2026-04-15 | 8.8 High |
| An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the _transfer function. NOTE: this is disputed by third parties because the impact is limited to function calls. | ||||
| CVE-2025-69336 | 2 Bdthemes, Wordpress | 2 Utlimate Store Kit Elementor Addons, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4. | ||||
| CVE-2024-52732 | 1 Warehouse Management System Zeqp | 1 Warehouse Management System Zeqp | 2026-04-15 | 9.1 Critical |
| Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. | ||||
| CVE-2024-53937 | 1 Victure | 1 Rx1800 Firmware | 2026-04-15 | 8.8 High |
| An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) | ||||
| CVE-2024-53941 | 1 Victure | 1 Rx1800 Firmware | 2026-04-15 | 8.8 High |
| An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. | ||||
| CVE-2024-54010 | 2026-04-15 | 3.4 Low | ||
| A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure. | ||||
| CVE-2024-5539 | 1 Carrier | 2 Automatedlogic Webctrl, I-vu | 2026-04-15 | N/A |
| The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server. | ||||
| CVE-2024-55408 | 2026-04-15 | 5.3 Medium | ||
| An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. | ||||
| CVE-2025-6892 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2026-04-15 | N/A |
| An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2024-5704 | 2026-04-15 | 4.3 Medium | ||
| The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. ffw_insert_new_faq, ffw_hide_discount_notice, ffw_delete_all_faqs, ffw_delete_single_faq, etc...) in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products. | ||||
| CVE-2024-6688 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets. | ||||
| CVE-2025-5483 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled. | ||||
| CVE-2024-10579 | 2026-04-15 | 4.3 Medium | ||
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms. | ||||
| CVE-2024-7648 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators. | ||||
| CVE-2024-8272 | 1 Universal Audio | 1 Uaconnect | 2026-04-15 | 7.8 High |
| The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root. | ||||
| CVE-2024-9223 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5. | ||||
| CVE-2024-4280 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2026-04-15 | 5.3 Medium |
| The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings. | ||||