Export limit exceeded: 11952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46744 | 2026-04-15 | 2.7 Low | ||
| An authenticated administrator could modify the Created By username for a user account | ||||
| CVE-2025-66079 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0. | ||||
| CVE-2025-8533 | 1 Flexibits | 1 Fantastical | 2026-04-15 | N/A |
| A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16. | ||||
| CVE-2024-4010 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2026-04-15 | 8.8 High |
| The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks. | ||||
| CVE-2025-66163 | 2 Merkulove, Wordpress | 2 Masker For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4. | ||||
| CVE-2025-66161 | 2 Merkulove, Wordpress | 2 Grider For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8. | ||||
| CVE-2024-13780 | 2026-04-15 | 6.5 Medium | ||
| The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server. | ||||
| CVE-2024-13747 | 2026-04-15 | 4.3 Medium | ||
| The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject SQL into an existing post deletion query. | ||||
| CVE-2024-40530 | 1 Uab Lexita | 1 Panteracrm Cms | 2026-04-15 | 7.5 High |
| A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | ||||
| CVE-2024-35683 | 2 Teplitsa Of Social Technologies, Wordpress | 2 Leyka, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1. | ||||
| CVE-2024-36055 | 2026-04-15 | 5.5 Medium | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). | ||||
| CVE-2024-27086 | 2026-04-15 | 3.9 Low | ||
| The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported. | ||||
| CVE-2021-26387 | 2026-04-15 | 3.9 Low | ||
| Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. | ||||
| CVE-2025-42915 | 1 Sap | 1 Fiori | 2026-04-15 | 5.4 Medium |
| Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2024-36246 | 1 Yokogawa Rental Lease Corporation | 2 Unifier, Unifier Cast | 2026-04-15 | 9.8 Critical |
| Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | ||||
| CVE-2025-66140 | 2 Merkulove, Wordpress | 2 Uper For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5. | ||||
| CVE-2024-37218 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. | ||||
| CVE-2025-64248 | 2 Emarketdesign, Wordpress | 2 Request A Quote, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3. | ||||
| CVE-2025-42949 | 1 Sap | 1 Abap Platform | 2026-04-15 | 4.9 Medium |
| Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected. | ||||
| CVE-2025-2420 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||