Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36832 | 1 Wpindeed | 1 Ultimate Membership Pro | 2026-04-15 | 9.8 Critical |
| The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID. | ||||
| CVE-2022-43110 | 1 Voltronicpower | 1 Viewpower | 2026-04-15 | 9.8 Critical |
| Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down. | ||||
| CVE-2022-37410 | 2026-04-15 | 7 High | ||
| Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-47155 | 1 Perl | 1 Perl | 2026-04-15 | 9.1 Critical |
| The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2022-26389 | 2026-04-15 | 7.7 High | ||
| An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior. | ||||
| CVE-2020-37156 | 2 Bloodx Project, Diveshlunker | 2 Bloodx, Bloodx | 2026-04-15 | 6.5 Medium |
| BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access. | ||||
| CVE-2025-5872 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-20315 | 1 Cisco | 1 Ios Xr Software | 2026-04-15 | 5.8 Medium |
| A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. | ||||
| CVE-2024-2019 | 2 Acceleration, Wordpress | 2 Wp-db-table-editor, Wordpress | 2026-04-15 | 7.5 High |
| The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with contributor access and above, to modify database tables that the theme has been configured to use the plugin to edit. | ||||
| CVE-2024-21483 | 2026-04-15 | 4.6 Medium | ||
| A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. | ||||
| CVE-2024-21767 | 2026-04-15 | 9.4 Critical | ||
| A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. | ||||
| CVE-2024-21828 | 1 Intel | 2 Ethernet Adapter Complete Driver Pack, Ethernet Connections Boot Utility Preboot Images And Efi Drivers | 2026-04-15 | 6.7 Medium |
| Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22830 | 1 Windows-kernel | 1 Ace-base-sys | 2026-04-15 | 5.3 Medium |
| Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level. | ||||
| CVE-2024-1726 | 1 Redhat | 1 Quarkus | 2026-04-15 | 5.3 Medium |
| A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. | ||||
| CVE-2024-1678 | 2 Dunhakdis, Wordpress | 2 Subway-private Site Option, Wordpress | 2026-04-15 | 5.3 Medium |
| The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content. | ||||
| CVE-2024-1610 | 2026-04-15 | 9.8 Critical | ||
| In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | ||||
| CVE-2024-1609 | 2026-04-15 | N/A | ||
| In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. | ||||
| CVE-2024-25133 | 2026-04-15 | 8.8 High | ||
| A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. | ||||
| CVE-2024-27200 | 2026-04-15 | 4.4 Medium | ||
| Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28087 | 1 Bonitasoft | 1 Bonita Web | 2026-04-15 | 6.5 Medium |
| In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable. | ||||