Export limit exceeded: 346348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46846 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget wp-trending-post-slider-and-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through <= 1.5.7. | ||||
| CVE-2022-46840 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.7.1. | ||||
| CVE-2022-46838 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-23 | 9.1 Critical |
| Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.7.1. | ||||
| CVE-2022-46811 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in VillaTheme ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce woo-alidropship allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through <= 1.0.21. | ||||
| CVE-2022-46807 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in WP Trio Stock Sync for WooCommerce stock-sync-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through <= 2.3.2. | ||||
| CVE-2022-46796 | 2 Villatheme, Wordpress | 2 Curcy, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in VillaTheme CURCY woo-multi-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through <= 2.1.25. | ||||
| CVE-2022-46795 | 1 Tychesoftwares | 1 Print Invoice \& Delivery Notes For Woocommerce | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 4.7.2. | ||||
| CVE-2022-45841 | 2 Robosoft, Wordpress | 2 Robo Gallery, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in robosoft Robo Gallery robo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through <= 3.2.9. | ||||
| CVE-2022-45840 | 2026-04-23 | 6.5 Medium | ||
| Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links wp-auto-affiliate-links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through <= 6.2.1.5. | ||||
| CVE-2022-45832 | 1 Hennessey | 1 Attorney | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Hennessey Digital Attorney attorney allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Attorney: from n/a through 3. | ||||
| CVE-2022-45819 | 1 Code-atlantic | 1 Popup Maker | 2026-04-23 | 3.5 Low |
| Missing Authorization vulnerability in Daniel Iser Popup Maker popup-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through <= 1.17.1. | ||||
| CVE-2022-45806 | 1 Strategy11 | 1 Formidable Forms | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Strategy11 Team Formidable Forms formidable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through <= 5.5.4. | ||||
| CVE-2022-44578 | 2 Pierre-jehan, Wordpress | 2 Owl Carousel, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in pjehan Owl Carousel owl-carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through <= 0.5.3. | ||||
| CVE-2022-43472 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom: from n/a through <= 1.4.6. | ||||
| CVE-2022-41650 | 2 Paul, Wordpress | 2 Custom Content By Country (by Shield Security), Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through <= 3.1.2. | ||||
| CVE-2021-41715 | 1 Libsixel | 1 Libsixel | 2026-04-23 | 8.8 High |
| libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | ||||
| CVE-2025-61146 | 1 Saitoha | 1 Libsixel | 2026-04-23 | 4 Medium |
| saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. | ||||
| CVE-2026-30459 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-23 | 7.1 High |
| An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. | ||||
| CVE-2026-35464 | 1 Pyload | 1 Pyload | 2026-04-23 | 7.5 High |
| pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1. | ||||
| CVE-2026-34082 | 2 Dify, Langgenius | 2 Dify, Dify | 2026-04-23 | 4.3 Medium |
| Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue. | ||||