Export limit exceeded: 23792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37123 | 1 Vowelweb | 1 Ibtana | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3. | ||||
| CVE-2024-37106 | 1 Membershipsoftware | 1 Wishlist Member X | 2026-04-15 | 8.2 High |
| Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6 | ||||
| CVE-2024-37096 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. | ||||
| CVE-2024-37095 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. | ||||
| CVE-2025-1091 | 2026-04-15 | 4.3 Medium | ||
| A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known. | ||||
| CVE-2024-8270 | 2026-04-15 | 5.5 Medium | ||
| The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile. | ||||
| CVE-2025-1416 | 2026-04-15 | N/A | ||
| In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-1417. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | ||||
| CVE-2025-1418 | 2026-04-15 | N/A | ||
| A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | ||||
| CVE-2024-3546 | 1 Webtoffee | 1 Backup And Migration | 2026-04-15 | 4.3 Medium |
| The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system. | ||||
| CVE-2024-35168 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1. | ||||
| CVE-2024-54222 | 2 Seraphinitesolutions, Wordpress | 2 Seraphinite Accelerator, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15. | ||||
| CVE-2024-11851 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2026-04-15 | 4.3 Medium |
| The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values. | ||||
| CVE-2024-33944 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. | ||||
| CVE-2024-33596 | 1 Fivestarplugins | 1 Five Star Restaurant Reservations | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. | ||||
| CVE-2024-39328 | 2026-04-15 | 6.8 Medium | ||
| Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at risk. | ||||
| CVE-2024-33588 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | ||||
| CVE-2024-33576 | 1 Wordpress | 1 Wppizza | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | ||||
| CVE-2024-33574 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1. | ||||
| CVE-2024-33573 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | ||||
| CVE-2024-3608 | 1 Pickplugins | 1 Product Designer | 2026-04-15 | 5.3 Medium |
| The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments. CVE-2024-38726 appears to be a duplicate of this issue. | ||||