Export limit exceeded: 10543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45556 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62747 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4. | ||||
| CVE-2025-62755 | 2 Gsplugins, Wordpress | 2 Gs Portfolio For Envato, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2. | ||||
| CVE-2025-63016 | 2 Quadlayers, Wordpress | 2 Tiktok Feed, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5. | ||||
| CVE-2024-10527 | 2 Clevelandwebdeveloper, Wordpress | 2 Spacer, Wordpress | 2026-04-15 | 3.1 Low |
| The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | ||||
| CVE-2024-10536 | 2026-04-15 | 4.3 Medium | ||
| The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. | ||||
| CVE-2025-22228 | 1 Redhat | 2 Apache Camel Spring Boot, Ocp Tools | 2026-04-15 | 7.4 High |
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | ||||
| CVE-2025-22260 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Marcus (aka @msykes) Meta Tag Manager meta-tag-manager.This issue affects Meta Tag Manager: from n/a through <= 3.1. | ||||
| CVE-2025-22291 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through <= 5.0.20. | ||||
| CVE-2025-22319 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | ||||
| CVE-2025-23440 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects radSLIDE: from n/a through <= 2.1. | ||||
| CVE-2025-23534 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Mark Winiarski WPLingo wplingo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLingo: from n/a through <= 1.1.2. | ||||
| CVE-2025-24682 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through <= 2.7.9. | ||||
| CVE-2024-12542 | 2026-04-15 | 8.6 High | ||
| The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. | ||||
| CVE-2025-2568 | 2026-04-15 | 5.3 Medium | ||
| The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. | ||||
| CVE-2025-26655 | 2026-04-15 | 3.1 Low | ||
| SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. | ||||
| CVE-2025-26733 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. | ||||
| CVE-2024-54227 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through <= 2.0.0. | ||||
| CVE-2024-53938 | 1 Victure | 1 Rx1800 Firmware | 2026-04-15 | 8.8 High |
| An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication. | ||||
| CVE-2025-27294 | 2 Platcom, Wordpress | 2 Wp-asambleas, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through <= 2.85.0. | ||||
| CVE-2024-54239 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18. | ||||