Export limit exceeded: 14605 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11877 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-4199 2026-04-15 4.3 Medium
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation.
CVE-2025-69193 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2024-42371 2026-04-15 5.4 Medium
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
CVE-2024-42372 1 Sap 1 Netweaver System Landscape Directory 2026-04-15 6.5 Medium
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
CVE-2024-4319 2026-04-15 5.3 Medium
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.
CVE-2024-43209 1 Bitly 1 Bitly 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
CVE-2024-42380 2026-04-15 4.3 Medium
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.
CVE-2024-43157 2 Ncrafts, Wordpress 2 Formcraft, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.
CVE-2024-43154 2 Bracketspace, Wordpress 2 Advanced Cron Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9.
CVE-2024-43146 1 Wordpress 1 Wordpress 2026-04-15 6.3 Medium
Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.
CVE-2024-43119 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.
CVE-2024-43120 1 Gmo 1 Typesquare Webfonts For Conoha 2026-04-15 5.3 Medium
Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7.
CVE-2024-43122 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9.
CVE-2024-43143 2026-04-15 6.4 Medium
Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.
CVE-2025-67540 3 Elementor, Wealcoder, Wordpress 3 Elementor, Animation Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5.
CVE-2024-44765 1 Mgt-commerce 1 Cloudpanel 2026-04-15 6.5 Medium
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.
CVE-2025-10352 1 Melistechnology 1 Melis Platform 2026-04-15 N/A
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
CVE-2024-48544 1 Ledvance 1 Sylvania Smart Home Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-48787 1 Revic Optics 1 Revic Ops Firmware 2026-04-15 9.1 Critical
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2025-31481 1 Api-platform 1 Core 2026-04-15 7.5 High
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.