Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41624 | 2026-04-15 | 6.3 Medium | ||
| Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. | ||||
| CVE-2024-4163 | 2026-04-15 | 8 High | ||
| The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway. | ||||
| CVE-2024-41729 | 2026-04-15 | 4.3 Medium | ||
| Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | ||||
| CVE-2024-42371 | 2026-04-15 | 5.4 Medium | ||
| The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application. | ||||
| CVE-2024-42372 | 1 Sap | 1 Netweaver System Landscape Directory | 2026-04-15 | 6.5 Medium |
| Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-42380 | 2026-04-15 | 4.3 Medium | ||
| The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application. | ||||
| CVE-2024-43119 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-43122 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. | ||||
| CVE-2024-43134 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. | ||||
| CVE-2024-43143 | 2026-04-15 | 6.4 Medium | ||
| Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1. | ||||
| CVE-2024-43146 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.3 Medium |
| Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1. | ||||
| CVE-2024-43154 | 2 Bracketspace, Wordpress | 2 Advanced Cron Manager, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. | ||||
| CVE-2024-43157 | 2 Ncrafts, Wordpress | 2 Formcraft, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10. | ||||
| CVE-2024-43209 | 1 Bitly | 1 Bitly | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||||
| CVE-2024-4319 | 2026-04-15 | 5.3 Medium | ||
| The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms. | ||||
| CVE-2024-43212 | 1 Magepeople | 1 Wptravelly | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7. | ||||
| CVE-2024-43215 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2. | ||||
| CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
| CVE-2024-43235 | 2026-04-15 | 7.1 High | ||
| Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10. | ||||