Export limit exceeded: 363381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30107 | 2026-04-15 | 7.5 High | ||
| On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle. | ||||
| CVE-2025-3861 | 2026-04-15 | 5.4 Medium | ||
| The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media. | ||||
| CVE-2025-46823 | 2026-04-15 | N/A | ||
| openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch. | ||||
| CVE-2024-5539 | 1 Carrier | 2 Automatedlogic Webctrl, I-vu | 2026-04-15 | N/A |
| The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server. | ||||
| CVE-2025-30074 | 1 Parallels | 1 Parallels Desktop | 2026-04-15 | 7.8 High |
| Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. | ||||
| CVE-2023-4730 | 1 Binhnguyenplus | 1 Ladiapp | 2026-04-15 | 5.3 Medium |
| The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts. | ||||
| CVE-2024-13811 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data that overrides the site. | ||||
| CVE-2025-69010 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5. | ||||
| CVE-2024-32730 | 2026-04-15 | 6.5 Medium | ||
| SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application. | ||||
| CVE-2024-3277 | 2 Wordpress, Yumpu | 2 Wordpress, Yumpu Epaper Publishing | 2026-04-15 | 5 Medium |
| The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key. | ||||
| CVE-2024-32777 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39. | ||||
| CVE-2024-32802 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32. | ||||
| CVE-2024-32814 | 2 Wordpress, Zorem | 2 Wordpress, Advanced Local Pickup For Woocommerce | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1. | ||||
| CVE-2024-5600 | 1 Happymonkeyagency | 1 Scss Happy Compiler | 2026-04-15 | 5.4 Medium |
| The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts. | ||||
| CVE-2024-34804 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | ||||
| CVE-2025-66406 | 1 Smallstep | 1 Certificates | 2026-04-15 | 5 Medium |
| Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0. | ||||
| CVE-2024-2962 | 1 Codesupplyco | 1 Networker Technews Wordpress Theme With Dark Mode | 2026-04-15 | 5.3 Medium |
| The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus. | ||||
| CVE-2024-37209 | 2026-04-15 | 6.5 Medium | ||
| Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2. | ||||
| CVE-2024-37220 | 1 Optinly | 1 Optinly | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18. | ||||
| CVE-2024-53937 | 1 Victure | 1 Rx1800 Firmware | 2026-04-15 | 8.8 High |
| An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) | ||||