Export limit exceeded: 360226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11398 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69192 | 2 E-plugins, Wordpress | 2 Real Estate Pro, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5. | ||||
| CVE-2025-69193 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||
| CVE-2025-4563 | 1 Kubernetes | 1 Kubernetes | 2026-04-15 | 2.7 Low |
| A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. | ||||
| CVE-2024-1984 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source. | ||||
| CVE-2025-3476 | 2026-04-15 | N/A | ||
| Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. | ||||
| CVE-2025-20701 | 1 Airoha | 4 Ab156x, Ab157x, Ab158x and 1 more | 2026-04-15 | 8.8 High |
| In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-4430 | 2026-04-15 | N/A | ||
| Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024). | ||||
| CVE-2025-33185 | 1 Nvidia | 1 Aistore | 2026-04-15 | 5.3 Medium |
| NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2025-3260 | 1 Grafana | 1 Grafana | 2026-04-15 | 8.3 High |
| A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. | ||||
| CVE-2025-67540 | 3 Elementor, Wealcoder, Wordpress | 3 Elementor, Animation Addons For Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5. | ||||
| CVE-2025-43011 | 2026-04-15 | 7.7 High | ||
| Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application. | ||||
| CVE-2025-43000 | 2026-04-15 | 7.9 High | ||
| Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application. | ||||
| CVE-2025-42993 | 2026-04-15 | 6.7 Medium | ||
| Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC destination, leading to code execution under the privileges of the assigned high-privilege user. While the vulnerability has a low impact on Availability, it significantly poses a high risk to both Confidentiality and Integrity. | ||||
| CVE-2025-42991 | 2026-04-15 | 4.3 Medium | ||
| SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. | ||||
| CVE-2025-42989 | 1 Sap | 1 Netweaver Application Server For Abap | 2026-04-15 | 9.6 Critical |
| RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application. | ||||
| CVE-2025-42987 | 2026-04-15 | 4.3 Medium | ||
| SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application. | ||||
| CVE-2025-42984 | 2026-04-15 | 5.4 Medium | ||
| SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application. | ||||
| CVE-2025-42983 | 2026-04-15 | 8.5 High | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data. | ||||
| CVE-2025-42982 | 2026-04-15 | 8.8 High | ||
| SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2025-69331 | 2 Jeroen Schmit, Wordpress | 2 Theater For Wordpress, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19. | ||||