Search Results (11626 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-31331 2026-04-15 4.3 Medium
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
CVE-2024-48548 1 Cloud Smart Lock 1 Cloud Smart Lock Firmware 2026-04-15 9.3 Critical
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.
CVE-2024-48547 1 Dreamcatcher Iot Technology 1 Dreamcatcher Life Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-4280 2 Videousermanuals, Wordpress 2 White-label-cms, Wordpress 2026-04-15 5.3 Medium
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.
CVE-2024-48542 1 Yamaha 1 Headphones Controller Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2025-67568 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.
CVE-2024-27911 1 Lenovo 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more 2026-04-15 7.5 High
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.
CVE-2024-27910 2026-04-15 5.3 Medium
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication.
CVE-2025-54751 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-04-15 7.1 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.
CVE-2025-4477 1 Teamt5 1 Threatsonar Anti-ransomware 2026-04-15 7.2 High
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.
CVE-2024-34820 2026-04-15 6.5 Medium
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.
CVE-2024-4410 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.
CVE-2024-5855 2 Media Hygiene, Wordpress 2 Media Hygiene, Wordpress 2026-04-15 4.3 Medium
The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.
CVE-2024-6591 1 Nitesh Singh 1 Ultimate Wordpress Auction Plugin 2026-04-15 5.8 Medium
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.
CVE-2024-13767 1 Wordpress 1 Wordpress 2026-04-15 8.1 High
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVE-2024-42372 1 Sap 1 Netweaver System Landscape Directory 2026-04-15 6.5 Medium
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
CVE-2024-37220 1 Optinly 1 Optinly 2026-04-15 5.3 Medium
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
CVE-2025-64369 2 Codepeople, Wordpress 2 Contact Form Email, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
CVE-2025-41016 1 Davantis 1 Dfusion 2026-04-15 N/A
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images recorded by security cameras in response to triggered alerts.
CVE-2024-2378 2026-04-15 8 High
A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations.