Export limit exceeded: 366372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68476 2026-04-15 7.7 High
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.
CVE-2025-68920 2026-04-15 8.9 High
C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.
CVE-2025-68947 1 Nsecsoft 1 Nscknl 2026-04-15 4.7 Medium
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.
CVE-2025-69010 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.
CVE-2025-69016 2 Averta, Wordpress 2 Shortcodes And Extra Features For Phlox Theme, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.
CVE-2025-69023 2 Marketingfire, Wordpress 2 Discussion Board, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.
CVE-2025-69028 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.
CVE-2025-69052 2 Fmeaddons, Wordpress 2 Registration And Login With Mobile Phone Number For Woocommerce, Wordpress 2026-04-15 9.8 Critical
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
CVE-2025-69091 2 Kraftplugins, Wordpress 2 Demo Importer Plus, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.
CVE-2025-69093 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.
CVE-2025-7665 2 Miniorange, Wordpress 2 Otp Verification With Firebase, Wordpress 2026-04-15 8.1 High
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to Administrator. Premium features must be enabled in order to exploit the vulnerability.
CVE-2025-7689 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-04-15 8.8 High
The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.
CVE-2025-6813 2026-04-15 8.8 High
The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges.
CVE-2025-67599 2 Webtoffee, Wordpress 2 Ecommerce Marketing Automation, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
CVE-2025-67579 2 Vanquish, Wordpress 2 User Extra Fields, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67576 2 Quantumcloud, Wordpress 2 Simple Link Directory, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2024-12253 2026-04-15 5.4 Medium
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).
CVE-2025-67570 2 Westerndeal, Wordpress 2 Wpforms Google Sheet Connector, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0.
CVE-2026-24939 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.
CVE-2025-33185 1 Nvidia 1 Aistore 2026-04-15 5.3 Medium
NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure.  A successful exploit of this vulnerability may lead to information disclosure.