Export limit exceeded: 366404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11854 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11854 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-7915 1 Sensei 1 Sensei Mac Cleaner 2026-04-15 7.8 High
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client's PID obtained through the public processIdentifier property of the NSXPCConnection class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface.
CVE-2024-7894 1 Andreiigna 1 If Menu 2026-04-15 5.3 Medium
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
CVE-2024-6782 1 Calibre 1 Calibre 2026-04-15 9.8 Critical
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
CVE-2024-6688 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets.
CVE-2024-58260 2 Rancher, Suse 2 Rancher, Rancher 2026-04-15 7.6 High
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
CVE-2024-58101 2026-04-15 8.1 High
Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor.
CVE-2024-5769 2026-04-15 4.3 Medium
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings.
CVE-2024-5768 2026-04-15 6.4 Medium
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update shipping provider information, including adding stored cross-site scripting.
CVE-2024-5677 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery.
CVE-2024-5669 2026-04-15 6.4 Medium
The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.
CVE-2024-5600 1 Happymonkeyagency 1 Scss Happy Compiler 2026-04-15 5.4 Medium
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts.
CVE-2024-54916 2026-04-15 6.8 Medium
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method.
CVE-2024-54124 1 Clickstudios 1 Passwordstate 2026-04-15 8.8 High
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen.
CVE-2024-54010 2026-04-15 3.4 Low
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.
CVE-2024-53941 1 Victure 1 Rx1800 Firmware 2026-04-15 8.8 High
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.
CVE-2024-53938 1 Victure 1 Rx1800 Firmware 2026-04-15 8.8 High
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.
CVE-2024-53937 1 Victure 1 Rx1800 Firmware 2026-04-15 8.8 High
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)
CVE-2024-5326 2026-04-15 8.8 High
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
CVE-2024-51426 1 Ethereum 1 Ethereum 2026-04-15 8.8 High
An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the _transfer function. NOTE: this is disputed by third parties because the impact is limited to function calls.
CVE-2024-51425 1 Ethereum 1 Ethereum 2026-04-15 8.8 High
An issue in the WaterToken smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact. NOTE: this is disputed by third parties because the impact is limited to function calls.