Search Results (8580 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38737 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
CVE-2024-38740 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-38743 1 Upqode 1 Plum 2026-04-15 5.3 Medium
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-38744 1 Upqode 1 Plum 2026-04-15 8.3 High
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-38745 1 Rymera 1 Wholesale Suite 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.
CVE-2024-0394 2026-04-15 7.8 High
Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege.  The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users.  The vulnerability has been remediated and fixed in version 4.5.5. 
CVE-2024-38774 2 Siteground, Wordpress 2 Siteground Security, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
CVE-2024-38777 2026-04-15 6.5 Medium
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
CVE-2024-38792 1 Conveythis 1 Language Translate Widget For Wordpress Conveythis 2026-04-15 5.3 Medium
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
CVE-2024-38794 1 Mediaron 1 Custom Query Blocks 2026-04-15 5.3 Medium
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
CVE-2025-27432 2026-04-15 2.4 Low
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
CVE-2025-27428 2026-04-15 7.7 High
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.
CVE-2024-4138 1 Sap 1 S/4 Hana 2026-04-15 4.3 Medium
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
CVE-2024-4139 2026-04-15 4.3 Medium
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
CVE-2024-12544 2026-04-15 8.8 High
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.
CVE-2025-15066 2026-04-15 6.2 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam)
CVE-2024-53605 1 Handcent 1 Nextcms 2026-04-15 7.5 High
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.
CVE-2024-1641 2 Pickplugins, Wordpress 2 Accordion, Wordpress 2026-04-15 5.4 Medium
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.
CVE-2024-1637 2026-04-15 4.3 Medium
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings.
CVE-2024-13747 2026-04-15 4.3 Medium
The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject SQL into an existing post deletion query.