Search Results (11824 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37207 2 Theme4press, Wordpress 2 Demo Awesome, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
CVE-2024-37209 2026-04-15 6.5 Medium
Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2.
CVE-2024-37214 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37218 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.
CVE-2024-3722 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve and modify settings.
CVE-2024-48651 1 Proftpd 1 Proftpd 2026-04-15 7.5 High
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
CVE-2024-48645 1 Arm32x 1 Command Block Ide 2026-04-15 7.5 High
In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server.
CVE-2022-4974 1 Wordpress 1 Wordpress 2026-04-15 6.3 Medium
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
CVE-2024-48548 1 Cloud Smart Lock 1 Cloud Smart Lock Firmware 2026-04-15 9.3 Critical
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.
CVE-2024-48547 1 Dreamcatcher Iot Technology 1 Dreamcatcher Life Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-48546 1 Shenzhen Yingsheng Technology Co 1 Wear Sync Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-37220 1 Optinly 1 Optinly 2026-04-15 5.3 Medium
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
CVE-2024-37226 1 Kanbanwp 1 Kanban Boards For Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
CVE-2024-48545 1 Ivyiot 1 Ivy Smart Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-43285 1 Wordpress 1 Wordpress 2026-04-15 6.3 Medium
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
CVE-2024-37232 1 Toddnestor 1 Hercules Core 2026-04-15 8.8 High
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.
CVE-2024-48541 1 Ruochan 1 Smart Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-37249 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
CVE-2024-48538 1 Netdvr 1 Neye3c 2026-04-15 9.8 Critical
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-48540 1 Shenzhen Xiaohe Lejia Technology Co 1 Xiaohesmart Firmware 2026-04-15 6.2 Medium
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.