Export limit exceeded: 10036 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10817 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10817 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41371 | 1 Openclaw | 1 Openclaw | 2026-04-28 | 8.5 High |
| OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path. | ||||
| CVE-2026-31482 | 1 Linux | 1 Linux Kernel | 2026-04-28 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That commit removed TIF_ISOLATE_BP, dropping both the branch prediction macros and the r12 load, but did not add r12 to the register clearing sequence. Add the missing xgr %r12,%r12 to make the register scrub consistent across all entry points. | ||||
| CVE-2024-31358 | 1 Saleswonder.biz | 1 5 Star Rating Funnel | 2026-04-28 | 7.5 High |
| Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67. | ||||
| CVE-2025-24121 | 1 Apple | 1 Macos | 2026-04-28 | 3.3 Low |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24096 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||||
| CVE-2024-31230 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | ||||
| CVE-2025-30469 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-28 | 2.4 Low |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||||
| CVE-2025-31182 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 9.8 Critical |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2025-24245 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords. | ||||
| CVE-2025-43230 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2026-04-28 | 4 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43286 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43318 | 1 Apple | 1 Macos | 2026-04-28 | 6.2 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information. | ||||
| CVE-2025-43336 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 4.4 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information. | ||||
| CVE-2026-41679 | 1 Paperclip | 3 Paperclipai, Paperclipai/server, Paperclipai\/server | 2026-04-28 | 10 Critical |
| Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue. | ||||
| CVE-2025-62104 | 2 Navneil Naicker, Wordpress | 2 Acf Galerie 4, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2. | ||||
| CVE-2026-5347 | 2 Mhmrajib, Wordpress | 2 Wp Books Gallery – Build Stunning Book Showcases & Libraries In Minutes, Wordpress | 2026-04-28 | 5.3 Medium |
| The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php. The vulnerable code checks only for the presence of the 'permalink_structure' POST parameter before updating the 'wbg_cpt_slug' option, without verifying that the request comes from an authenticated administrator. This makes it possible for unauthenticated attackers to modify the custom post type slug for the books gallery, which changes the URL structure for all book entries and can break existing links and SEO rankings. | ||||
| CVE-2025-11762 | 2 Hubspotdev, Wordpress | 2 Hubspot All-in-one Marketing – Forms, Popups, Live Chat, Wordpress | 2026-04-28 | 4.3 Medium |
| The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract a list of all installed plugins and their versions which can be leveraged for reconnaissance and further attacks. | ||||
| CVE-2026-3569 | 2 Liaison, Wordpress | 2 Liaison Site Prober, Wordpress | 2026-04-28 | 5.3 Medium |
| The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read() permission callback unconditionally returns true (via __return_true()) instead of checking for appropriate capabilities. This makes it possible for unauthenticated attackers to retrieve sensitive audit log data including IP addresses, user IDs, usernames, login/logout events, failed login attempts, and detailed activity descriptions. | ||||
| CVE-2025-24108 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. | ||||