Export limit exceeded: 363423 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11590 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37214 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37232 1 Toddnestor 1 Hercules Core 2026-04-15 8.8 High
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.
CVE-2024-37106 1 Membershipsoftware 1 Wishlist Member X 2026-04-15 8.2 High
Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6
CVE-2024-37095 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3.
CVE-2024-37456 1 Noptin 1 Noptin 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
CVE-2025-3272 2026-04-15 N/A
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4.
CVE-2024-37468 1 Blazethemes 1 Newsmatic 2026-04-15 5.3 Medium
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
CVE-2024-37475 1 Automattic 1 Newspack Newsletters 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.
CVE-2025-64192 2 8theme, Wordpress 2 Xstore, Wordpress 2026-04-15 6.3 Medium
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.
CVE-2025-59451 1 Yosmart 1 Yolink Application 2026-04-15 3.5 Low
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.
CVE-2024-53937 1 Victure 1 Rx1800 Firmware 2026-04-15 8.8 High
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)
CVE-2025-53943 2026-04-15 N/A
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.
CVE-2022-41995 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8.
CVE-2026-24939 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.
CVE-2025-66140 2 Merkulove, Wordpress 2 Uper For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2024-3626 2026-04-15 4.3 Medium
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts.
CVE-2025-24869 2026-04-15 4.3 Medium
SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario, sensitive information could be exposed without compromising its integrity or availability.
CVE-2024-36055 2026-04-15 5.5 Medium
Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD).
CVE-2024-5769 2026-04-15 4.3 Medium
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings.
CVE-2025-67993 2 Vito Peleg, Wordpress 2 Atarim, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.