Export limit exceeded: 11343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11343 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27910 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. | ||||
| CVE-2024-27911 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2026-04-15 | 7.5 High |
| A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | ||||
| CVE-2024-2882 | 2026-04-15 | N/A | ||
| SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. | ||||
| CVE-2024-30216 | 2026-04-15 | 4.3 Medium | ||
| Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted. | ||||
| CVE-2024-30217 | 2026-04-15 | 4.3 Medium | ||
| Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | ||||
| CVE-2024-3071 | 1 Wordpress | 2 Acf-on-the-go, Wordpress | 2026-04-15 | 4.3 Medium |
| The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post titles, descriptions, and ACF values. | ||||
| CVE-2024-31695 | 1 Binance | 3 Btc, Crypto, Nfts | 2026-04-15 | 9.8 Critical |
| A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint. | ||||
| CVE-2024-32692 | 2026-04-15 | 8.2 High | ||
| Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. | ||||
| CVE-2024-35168 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1. | ||||
| CVE-2024-35174 | 2 Flothemes, Wordpress | 2 Flo Forms, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42. | ||||
| CVE-2024-3520 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access and above, to add states or cities to the dropdown. | ||||
| CVE-2024-35237 | 1 Zelnickb | 1 Mit Identibot | 2026-04-15 | 7.5 High |
| MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a "public" Discord application—i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated. | ||||
| CVE-2024-3585 | 1 Send Pdf For Contact Form 7 Project | 1 Send Pdf For Contact Form 7 | 2026-04-15 | 5.3 Medium |
| The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs. | ||||
| CVE-2024-3626 | 2026-04-15 | 4.3 Medium | ||
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts. | ||||
| CVE-2024-37232 | 1 Toddnestor | 1 Hercules Core | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5. | ||||
| CVE-2024-37249 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. | ||||
| CVE-2024-37250 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. | ||||
| CVE-2024-37254 | 2 Mndpsingh287, Wordpress | 2 File Manager, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7. | ||||
| CVE-2024-37296 | 2026-04-15 | 5.3 Medium | ||
| The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | ||||
| CVE-2024-38733 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12. | ||||