Export limit exceeded: 364232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-40672 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
CVE-2023-40673 2026-04-15 6.5 Medium
: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.
CVE-2023-40679 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2023-40702 1 Pingidentity 1 Pingone Mfa Integration Kit 2026-04-15 N/A
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.
CVE-2023-40747 1 Aki 5 Pmman.exe\/enterprise Edition\/, Pmman.exe\/pro Edition\/, Pmman.exe\/pro Plus Imap4 Edition\/ and 2 more 2026-04-15 7.5 High
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
CVE-2023-41082 2026-04-15 4.4 Medium
Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-41092 2026-04-15 7.6 High
Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2023-41134 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3.
CVE-2023-41566 2026-04-15 8.1 High
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.
CVE-2023-41656 3 Elementor, Wordpress, Wpdive 3 Elementor, Wordpress, Better Addons For Elementor 2026-04-15 5.4 Medium
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
CVE-2023-41816 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 
CVE-2023-41817 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.
CVE-2023-41818 2026-04-15 5 Medium
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. 
CVE-2023-41819 2026-04-15 6.1 Medium
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers. 
CVE-2023-41829 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
CVE-2023-41830 2026-04-15 6.5 Medium
An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. 
CVE-2023-41833 1 Ieisystem 1 Uefi Firmware 2026-04-15 7.5 High
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-41917 2026-04-15 10 Critical
Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution.
CVE-2023-41918 2026-04-15 10 Critical
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.
CVE-2023-41920 2026-04-15 9.8 Critical
The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.