Export limit exceeded: 11315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20339 | 1 Cisco | 2 Sd-wan Vedge Cloud, Sd-wan Vedge Router | 2026-04-15 | 5.8 Medium |
| A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. | ||||
| CVE-2025-52168 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system. | ||||
| CVE-2025-0980 | 2 Linux, Nokia | 2 Linux, Service Router Linux | 2026-04-15 | 6.4 Medium |
| Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials. | ||||
| CVE-2025-24313 | 2 Intel, Kubernetes | 2 Device Plugins For Kubernetes, Kubernetes | 2026-04-15 | 4.4 Medium |
| Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-26291 | 2026-04-15 | N/A | ||
| An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges (root/NT_AUTHORITY SYSTEM) by default attackers are able to obtain sensitive information. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1. | ||||
| CVE-2024-9106 | 1 Xunhuweb | 1 Wechat Social Login | 2026-04-15 | 9.8 Critical |
| The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value. | ||||
| CVE-2025-8147 | 2 Aurelienlws, Wordpress | 2 Lwscache, Wordpress | 2026-04-15 | 4.3 Medium |
| The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins. | ||||
| CVE-2025-4672 | 2026-04-15 | 8.8 High | ||
| The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create, update or delete any user meta, including flipping their own wp_capabilities to administrator and fully escalate their privileges. | ||||
| CVE-2025-11080 | 1 Zhuimengshaonian | 1 Wisdom-education | 2026-04-15 | 4.3 Medium |
| A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-4136 | 1 Weitong | 1 Mall | 2026-04-15 | 5.4 Medium |
| A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-47859 | 2026-04-15 | 5.5 Medium | ||
| Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-43027 | 1 Genetec | 1 Security Center | 2026-04-15 | 9.8 Critical |
| A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild. | ||||
| CVE-2024-21483 | 2026-04-15 | 4.6 Medium | ||
| A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. | ||||
| CVE-2023-32199 | 1 Suse | 1 Rancher | 2026-04-15 | 4.3 Medium |
| A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs | ||||
| CVE-2025-0783 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2020-36838 | 2026-04-15 | 7.4 High | ||
| The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. | ||||
| CVE-2025-12884 | 2 Monetizemore, Wordpress | 2 Advanced Ads – ad Manager & Adsense, Wordpress | 2026-04-15 | 4.3 Medium |
| The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update ad placements, allowing them to change which ad or ad group a placement serves. | ||||
| CVE-2025-31486 | 1 Vitejs | 1 Vite | 2026-04-15 | 5.3 Medium |
| Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than build.assetsInlineLimit (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5. | ||||
| CVE-2025-3550 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-36841 | 1 Woocommerce | 1 Woocommerce Smart Coupons | 2026-04-15 | 5.3 Medium |
| The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront. | ||||