Export limit exceeded: 11796 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2506 | 2026-04-15 | 5.3 Medium | ||
| When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5. To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol. | ||||
| CVE-2019-25351 | 1 Centova Technologies Inc. | 1 Centova Cast | 2026-04-15 | 8.8 High |
| Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests. | ||||
| CVE-2024-50967 | 2026-04-15 | 6.5 Medium | ||
| The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | ||||
| CVE-2025-13956 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-15 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts | ||||
| CVE-2026-24622 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0. | ||||
| CVE-2025-47585 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through <= 2.3.8. | ||||
| CVE-2025-58877 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529. | ||||
| CVE-2025-68016 | 3 Onepay Sri Lanka, Woocommerce, Wordpress | 3 Onepay Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2. | ||||
| CVE-2025-49432 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1. | ||||
| CVE-2025-2515 | 1 Eclipse | 1 Bluechi | 2026-04-15 | 7.2 High |
| A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise. | ||||
| CVE-2025-53343 | 2 Goodlayers, Wordpress | 2 Modernize, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0. | ||||
| CVE-2025-68586 | 2 Goratech, Wordpress | 2 Cooked, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3. | ||||
| CVE-2024-24703 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2026-04-15 | 8.6 High |
| Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25. | ||||
| CVE-2025-31834 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8. | ||||
| CVE-2025-49441 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0. | ||||
| CVE-2023-48684 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||
| CVE-2025-68587 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. | ||||
| CVE-2024-24805 | 2 Deepak Anand, Wordpress | 2 Wp Dummy Content Generator, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | ||||
| CVE-2024-32783 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0. | ||||
| CVE-2024-2882 | 2026-04-15 | N/A | ||
| SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. | ||||