Search Results (5619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1418 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled.
CVE-2025-53360 1 Glpi-project 1 Database Inventory 2026-04-15 4.3 Medium
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
CVE-2024-21740 1 Artery 2 At32f415cbt7, At32f421c8t7 2026-04-15 7.4 High
Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.
CVE-2024-21741 1 Gigadevice 1 Gd32e103c8t6 2026-04-15 9.8 Critical
GigaDevice GD32E103C8T6 devices have Incorrect Access Control.
CVE-2024-21767 2026-04-15 9.4 Critical
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
CVE-2024-21828 1 Intel 2 Ethernet Adapter Complete Driver Pack, Ethernet Connections Boot Utility Preboot Images And Efi Drivers 2026-04-15 6.7 Medium
Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-51627 2026-04-15 6.5 Medium
Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
CVE-2024-22830 1 Windows-kernel 1 Ace-base-sys 2026-04-15 5.3 Medium
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.
CVE-2024-31207 1 Vitejs 1 Vite 2026-04-15 5.9 Medium
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.
CVE-2024-31964 1 Mitel 3 6800 Series Sip Phones, 6900w Series Sip Phone, 6970 Conference Unit 2026-04-15 7.5 High
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service.
CVE-2024-31967 1 Mitel 3 6800 Series Sip Phones, 6900 Series Sip Phones, 6970 Conference Unit 2026-04-15 9.1 Critical
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.
CVE-2024-32044 1 Intel 1 Arc Pro Graphics 2026-04-15 6.8 Medium
Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-33647 2026-04-15 6.5 Medium
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
CVE-2024-34404 1 Veritas 2 Netbackup, Netbackup Appliance 2026-04-15 6.8 Medium
A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion).
CVE-2024-6727 2026-04-15 5.4 Medium
A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.
CVE-2024-36080 1 Westernmo 1 Edw 100 2026-04-15 9.8 Critical
Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.
CVE-2025-46816 2026-04-15 N/A
goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue.
CVE-2024-37355 2026-04-15 8.8 High
Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37386 1 Stormshield 1 Stormshield Network Security 2026-04-15 4.2 Medium
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2.
CVE-2024-38310 2026-04-15 8.2 High
Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.