Export limit exceeded: 363376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43004 | 2026-04-15 | 5.3 Medium | ||
| Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability. | ||||
| CVE-2024-10536 | 2026-04-15 | 4.3 Medium | ||
| The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2026-04-15 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2025-30741 | 1 Pixelfed | 1 Pixelfed | 2026-04-15 | 4.3 Medium |
| Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance. | ||||
| CVE-2024-48541 | 1 Ruochan | 1 Smart Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2025-46744 | 2026-04-15 | 2.7 Low | ||
| An authenticated administrator could modify the Created By username for a user account | ||||
| CVE-2025-62027 | 2 Stellarwp, Wordpress | 2 Event Tickets, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3. | ||||
| CVE-2025-42951 | 1 Sap | 1 Business One | 2026-04-15 | 8.8 High |
| Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-59451 | 1 Yosmart | 1 Yolink Application | 2026-04-15 | 3.5 Low |
| The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. | ||||
| CVE-2024-48769 | 1 Burg-wchter Kg | 1 Burg-wchter Kg Firmware | 2026-04-15 | 9.1 Critical |
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-48538 | 1 Netdvr | 1 Neye3c | 2026-04-15 | 9.8 Critical |
| Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-37095 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. | ||||
| CVE-2024-37106 | 1 Membershipsoftware | 1 Wishlist Member X | 2026-04-15 | 8.2 High |
| Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6 | ||||
| CVE-2024-37123 | 1 Vowelweb | 1 Ibtana | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3. | ||||
| CVE-2024-45285 | 2026-04-15 | 5.4 Medium | ||
| The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. | ||||
| CVE-2024-37249 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. | ||||
| CVE-2025-54554 | 1 Ticrypt Project | 1 Ticrypt | 2026-04-15 | 5.3 Medium |
| tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. | ||||
| CVE-2024-37296 | 2026-04-15 | 5.3 Medium | ||
| The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | ||||
| CVE-2024-37300 | 2026-04-15 | 8.1 High | ||
| OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because `allow_all` did not take precedence over `identity_provider`. Since JupyterHub 5.0, `allow_all` does take precedence over `identity_provider`. On a hub with the same config, now all users will be allowed to login, regardless of `identity_provider`. `identity_provider` will basically be ignored. This is a documented change in JupyterHub 5.0, but is likely to catch many users by surprise. OAuthenticator 16.3.1 fixes the issue with JupyterHub 5.0, and does not affect previous versions. As a workaround, do not upgrade to JupyterHub 5.0 when using `GlobusOAuthenticator` in the prior configuration. | ||||
| CVE-2024-37443 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | ||||