Export limit exceeded: 11170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31820 | 1 Sylius | 1 Sylius | 2026-04-16 | 6.5 Medium |
| Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via #[LiveArg] parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that accepts a resource ID via #[LiveArg] and loads it with ->find() without ownership validation is vulnerable. Checkout address FormComponent (addressFieldUpdated action): Accepts an addressId via #[LiveArg] and loads it without verifying ownership, exposing another user's first name, last name, company, phone number, street, city, postcode, and country. Cart WidgetComponent (refreshCart action): Accepts a cartId via #[LiveArg] and loads any order directly from the repository, exposing order total and item count. Cart SummaryComponent (refreshCart action): Accepts a cartId via #[LiveArg] and loads any order directly from the repository, exposing subtotal, discount, shipping cost, taxes (excluded and included), and order total. Since sylius_order contains both active carts (state=cart) and completed orders (state=new/fulfilled) in the same ID space, the cart IDOR exposes data from all orders, not just active carts. The issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3 and above. | ||||
| CVE-2026-31832 | 1 Umbraco | 2 Cms, Umbraco Cms | 2026-04-16 | 5.4 Medium |
| Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by insufficient authorization enforcement on the affected API endpoint, whereby via an API call, domains can be set on content nodes that the editor does not have permission to access (either via user group privileges or start nodes). This vulnerability is fixed in 16.5.1 and 17.2.2. | ||||
| CVE-2026-2376 | 2 Mirror-registry, Redhat | 3 Quay, Mirror Registry, Quay | 2026-04-16 | 4.9 Medium |
| A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to. | ||||
| CVE-2026-24599 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2026-24634 | 2 Rustaurius, Wordpress | 2 Ultimate Reviews, Wordpress | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16. | ||||
| CVE-2026-1251 | 2 Psmplugins, Wordpress | 2 Supportcandy – Helpdesk & Customer Support Ticket System, Wordpress | 2026-04-16 | 5.4 Medium |
| The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to steal file attachments uploaded by other users by specifying arbitrary attachment IDs in the 'description_attachments' parameter, re-associating those files to their own tickets and removing access from the original owners. | ||||
| CVE-2026-24991 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0. | ||||
| CVE-2026-23103 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. So 1) Introduce per-port addrs_lock. 2) It was needed to fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close) This appears to be a very minor problem though. Since it's highly unlikely that ipvlan_add_addr() will be called on 2 CPU simultaneously. But nevertheless, this could cause: 1) False-negative of ipvlan_addr_busy(): one interface iterated through all port->ipvlans + ipvlan->addrs under some ipvlan spinlock, and another added IP under its own lock. Though this is only possible for IPv6, since looks like only ipvlan_addr6_event() can be called without rtnl_lock. 2) Race since ipvlan_ht_addr_add(port) is called under different ipvlan->addrs_lock locks This should not affect performance, since add/remove IP is a rare situation and spinlock is not taken on fast paths. | ||||
| CVE-2026-23105 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation. | ||||
| CVE-2026-1271 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2026-04-16 | 5.3 Medium |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to the update_user_meta() function being called outside of the user authorization check in public/partials/crop.php and public/partials/coverimg_crop.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change any user's profile picture or cover image, including administrators. | ||||
| CVE-2026-20667 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-16 | 8.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox. | ||||
| CVE-2026-25005 | 2 N-media, Wordpress | 2 Frontend File Manager, Wordpress | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5. | ||||
| CVE-2001-0682 | 2 Checkpoint, Zonelabs | 2 Zonealarm Pro, Zonealarm | 2026-04-16 | 5.5 Medium |
| ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting. | ||||
| CVE-2002-0055 | 1 Microsoft | 3 Exchange Server, Windows 2000, Windows Xp | 2026-04-16 | N/A |
| SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | ||||
| CVE-2002-0051 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.8 High |
| Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | ||||
| CVE-2002-1850 | 1 Apache | 1 Http Server | 2026-04-16 | 7.5 High |
| mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | ||||
| CVE-2005-2456 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-04-16 | 5.5 Medium |
| Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | ||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | ||||
| CVE-2005-4206 | 1 Blackboard | 1 Academic Suite | 2026-04-16 | 6.1 Medium |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | ||||
| CVE-2002-1914 | 2 Dump Project, Redhat | 2 Dump, Enterprise Linux | 2026-04-16 | 5.5 Medium |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | ||||