Export limit exceeded: 11847 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11847 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37218 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.
CVE-2024-37214 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37209 2026-04-15 6.5 Medium
Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2.
CVE-2024-37207 2 Theme4press, Wordpress 2 Demo Awesome, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
CVE-2024-37203 2 Laybuy, Wordpress 2 Laybuy Payment Extension For Woocommerce, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9.
CVE-2024-37201 2026-04-15 4.3 Medium
Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2.
CVE-2024-37123 1 Vowelweb 1 Ibtana 2026-04-15 5.3 Medium
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.
CVE-2024-37106 1 Membershipsoftware 1 Wishlist Member X 2026-04-15 8.2 High
Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6
CVE-2024-37096 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1.
CVE-2024-37095 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3.
CVE-2024-36326 1 Amd 3 Ryzen, Ryzen 7040, Ryzen Ai 300 2026-04-15 8.4 High
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.
CVE-2024-8270 2026-04-15 5.5 Medium
The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile.
CVE-2024-3626 2026-04-15 4.3 Medium
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts.
CVE-2024-36246 1 Yokogawa Rental Lease Corporation 2 Unifier, Unifier Cast 2026-04-15 9.8 Critical
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVE-2024-35686 1 Automattic 2 Sensei Lms, Sensei Pro 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
CVE-2024-35685 1 Anders Noren 1 Radcliffe 2 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.
CVE-2024-35683 2 Teplitsa Of Social Technologies, Wordpress 2 Leyka, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.
CVE-2024-35671 2 Minoji, Wordpress 2 Mj Update History, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
CVE-2024-35667 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.
CVE-2024-35665 1 Namithjawahar 1 Insert Post Ads 2026-04-15 5.3 Medium
Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.