Search Results (37486 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25386 2 Elementor, Wordpress 2 Ally, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.
CVE-2026-25388 2 Scripteo, Wordpress 2 Ads Pro, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25395 2 Ikreatethemes, Wordpress 2 Business Roy, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.
CVE-2026-25407 2 Cookiebot, Wordpress 2 Cookiebot, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
CVE-2026-25408 2 Pluginrx, Wordpress 2 Broken Link Notifier, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.
CVE-2026-25416 2 Blazethemes, Wordpress 2 News Kit Elementor Addons, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
CVE-2026-25473 2 Aa-team, Wordpress 2 Wzone, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27055 2 Pencidesign, Wordpress 2 Penci Ai Smartcontent Creator, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-26336 1 Hyland 3 Alfresco Community, Alfresco Content Services, Alfresco Enterprise 2026-04-16 7.5 High
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
CVE-2026-27327 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail – Woocommerce Email Customizer 2026-04-16 4.3 Medium
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
CVE-2026-27368 2 Seedprod, Wordpress 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-27387 2 Designinvento, Wordpress 2 Directorypress, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-24944 2 Wedevs, Wordpress 2 Subscribe2, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
CVE-2026-24956 2 Shahjada, Wordpress 2 Download Manager Addons For Elementor, Wordpress 2026-04-16 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0.
CVE-2026-22765 1 Dell 1 Wyse Management Suite 2026-04-16 8.8 High
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-26892 2 Oretnom23, Sourcecodester 2 Simple Logistic Hub Parcel\'s Management System, Logistic Hub Parcels Management System 2026-04-16 2.7 Low
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
CVE-2026-34852 1 Huawei 1 Harmonyos 2026-04-16 6.1 Medium
Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-35184 2 Ecclesiacrm, Phili67 2 Ecclesiacrm, Ecclesiacrm 2026-04-16 9.8 Critical
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.
CVE-2026-35406 1 Containers 1 Aardvark-dns 2026-04-16 6.2 Medium
Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.
CVE-2026-3711 2 Carmelo, Code-projects 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System 2026-04-16 4.7 Medium
A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.