Export limit exceeded: 11350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11350 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52199 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5. | ||||
| CVE-2023-52224 | 2 Revolut, Wordpress | 2 Revolut Gateway For Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. | ||||
| CVE-2023-52227 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. | ||||
| CVE-2025-42891 | 1 Sap | 1 Enterprise Search For Abap | 2026-04-15 | 5.5 Medium |
| Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability. | ||||
| CVE-2025-42949 | 1 Sap | 1 Abap Platform | 2026-04-15 | 4.9 Medium |
| Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected. | ||||
| CVE-2025-42952 | 2026-04-15 | 7.7 High | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted. | ||||
| CVE-2025-42961 | 1 Sap | 1 Netweaver Application Server For Abap | 2026-04-15 | 4.9 Medium |
| Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected. | ||||
| CVE-2025-42982 | 2026-04-15 | 8.8 High | ||
| SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2025-42983 | 2026-04-15 | 8.5 High | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data. | ||||
| CVE-2025-42984 | 2026-04-15 | 5.4 Medium | ||
| SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application. | ||||
| CVE-2025-5288 | 2026-04-15 | 9.8 Critical | ||
| The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges. | ||||
| CVE-2025-32408 | 1 Soffid | 1 Iam | 2026-04-15 | 2.5 Low |
| In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. | ||||
| CVE-2023-6400 | 2026-04-15 | 7.4 High | ||
| Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4. | ||||
| CVE-2024-0138 | 1 Nvidia | 1 Base Command Manager | 2026-04-15 | 9.8 Critical |
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0394 | 2026-04-15 | 7.8 High | ||
| Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users. The vulnerability has been remediated and fixed in version 4.5.5. | ||||
| CVE-2025-4430 | 2026-04-15 | N/A | ||
| Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024). | ||||
| CVE-2025-66167 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier: from n/a through <= 1.1.1. | ||||
| CVE-2025-23187 | 2026-04-15 | 5.3 Medium | ||
| Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability. | ||||
| CVE-2025-23188 | 2026-04-15 | 4.3 Medium | ||
| An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. | ||||
| CVE-2025-23189 | 2026-04-15 | 4.3 Medium | ||
| Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability | ||||