Export limit exceeded: 25414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10817 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10817 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43358 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-28 | 8.8 High |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions. | ||||
| CVE-2025-43329 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-04-28 | 8.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43397 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-27 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service. | ||||
| CVE-2025-43387 | 1 Apple | 2 Macos, Macos Sequoia | 2026-04-27 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. A malicious app may be able to gain root privileges. | ||||
| CVE-2026-6393 | 2 Wordpress, Wpdevteam | 2 Wordpress, Betterdocs – Knowledge Base Docs & Faq Solution For Elementor & Block Editor | 2026-04-27 | 4.3 Medium |
| The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota. | ||||
| CVE-2025-43497 | 1 Apple | 1 Macos | 2026-04-27 | 5.2 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||||
| CVE-2026-5488 | 2 Smub, Wordpress | 2 Exactmetrics – Google Analytics Dashboard For Wordpress (website Stats Plugin), Wordpress | 2026-04-27 | 5.3 Medium |
| The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get_ads_access_token() and reset_experience() AJAX handlers. While the mi-admin-nonce is localized on all admin pages (including profile.php which subscribers can access), and while other similar AJAX endpoints in the same class properly check for the exactmetrics_save_settings capability, these two endpoints only verify the nonce. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve valid Google Ads access tokens and reset Google Ads integration settings. | ||||
| CVE-2026-41248 | 1 Clerk | 4 Astro, Nextjs, Nuxt and 1 more | 2026-04-27 | 9.1 Critical |
| Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in @clerk/astro 1.5.7, 2.17.10, and 3.0.15; @clerk/nextjs 5.7.6, 6.39.2, and 7.2.1; @clerk/nuxt 1.13.28 and 2.2.2; and @clerk/shared 2.22.1, 3.47.4, anc 4.8.1 | ||||
| CVE-2026-40574 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2026-04-27 | 6.8 Medium |
| OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as attacker@evil.com@company.com and satisfy an allowed domain check for company.com, even though the claim is not a valid email address. The issue ONLY affects deployments that rely on email_domain restrictions and accept email claim values from identity providers or claim mappings that do not strictly enforce normal email syntax. This vulnerability is fixed in 7.15.2. | ||||
| CVE-2025-69027 | 2 Tychesoftwares, Wordpress | 2 Product Delivery Date For Woocommerce Lite, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0. | ||||
| CVE-2025-49949 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2. | ||||
| CVE-2026-40155 | 1 Auth0 | 1 Nextjs-auth0 | 2026-04-27 | 5.4 Medium |
| The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if their project uses both the vulnerable versions and the proxy handler /me/* and /my-org/* with DPoP enabled. This issue has been fixed in version 4.18.0. | ||||
| CVE-2025-49925 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||||
| CVE-2025-49922 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2026-04-27 | 4.3 Medium |
| Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3. | ||||
| CVE-2025-49394 | 2 Bplugins, Wordpress | 2 Image Gallery Block, Wordpress | 2026-04-27 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7. | ||||
| CVE-2025-49375 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. | ||||
| CVE-2025-49376 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9. | ||||
| CVE-2025-58986 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4. | ||||
| CVE-2025-69385 | 2 Agnihd, Wordpress | 2 Cartify - Woocommerce Gutenberg Wordpress Theme, Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-68980 | 2 Designthemes, Wordpress | 2 Wedesigntech-portfolio, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2. | ||||