Search Results (37515 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-1499 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combined with path traversal in the file upload functionality. This makes it possible for authenticated (subscriber-level) attackers to set the internal `prod_key_random_id` option, which can then be used by an unauthenticated attacker to bypass authentication checks and write arbitrary files to the server via the `handle_upload_single_big_file()` function, ultimately leading to remote code execution.
CVE-2026-21514 1 Microsoft 6 365 Apps, Office 2021, Office 2024 and 3 more 2026-04-15 7.8 High
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-21250 1 Microsoft 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more 2026-04-15 7.8 High
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-5368 1 Projectworlds 1 Car Rental Project 2026-04-15 7.3 High
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-27298 2 Adobe, Microsoft 2 Framemaker, Windows 2026-04-15 7.8 High
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27300 2 Adobe, Microsoft 2 Framemaker, Windows 2026-04-15 5.5 Medium
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21232 1 Microsoft 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more 2026-04-15 7.8 High
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-1786 2 Badbreze, Wordpress 2 Twitter Posts To Blog, Wordpress 2026-04-15 6.5 Medium
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.
CVE-2026-1833 2 Sm Rasmy, Wordpress 2 Wamate Confirm – Order Confirmation, Wordpress 2026-04-15 5.3 Medium
The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to block and unblock phone numbers, which should be restricted to administrators.
CVE-2026-2576 2 Strategy11, Wordpress 2 Business Directory Plugin - Easy Listing Directories, Wordpress 2026-04-15 7.5 High
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-1925 2 Roxnor, Wordpress 2 Emailkit – Email Customizer For Woocommerce & Wp, Wordpress 2026-04-15 4.3 Medium
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.
CVE-2026-1937 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail – Woocommerce Email Customizer 2026-04-15 7.2 High
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2026-1831 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail – Woocommerce Email Customizer 2026-04-15 2.7 Low
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin.
CVE-2026-2127 2 Gpriday, Wordpress 2 Siteorigin Widgets Bundle, Wordpress 2026-04-15 5.4 Medium
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered via the `wp_ajax_so_widgets_preview` AJAX action. The function only verifies a nonce (`widgets_action`) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the `SiteOrigin_Widget_Editor_Widget` via the preview endpoint. The required nonce is exposed on the public frontend when the Post Carousel widget is present on a page, embedded in the `data-ajax-url` HTML attribute.
CVE-2026-1656 2 Strategy11, Wordpress 2 Business Directory Plugin - Easy Listing Directories, Wordpress 2026-04-15 5.3 Medium
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email addresses, by directly referencing the listing ID in crafted requests to the wpbdp_ajax AJAX action.
CVE-2026-1317 2 Smackcoders, Wordpress 2 Wp Import – Ultimate Csv Xml Importer For Wordpress, Wordpress 2026-04-15 6.5 Medium
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and later used in raw SQL queries without proper sanitization. This makes it possible for authenticated attackers with Subscriber-level access or higher to append additional SQL queries into already existing queries via a malicious filename, which can be used to extract sensitive information from the database. The vulnerability can only be exploited when the 'Single Import/Export' option is enabled, and the server is running a PHP version < 8.0.
CVE-2026-34512 1 Openclaw 1 Openclaw 2026-04-15 8.1 High
OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions.
CVE-2026-35631 1 Openclaw 1 Openclaw 2026-04-15 6.5 Medium
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.
CVE-2026-39356 2 Drizzle, Drizzle-team 2 Drizzle, Drizzle-orm 2026-04-15 7.5 High
Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName() implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled input to APIs that construct SQL identifiers or aliases, such as sql.identifier(), .as(), may allow an attacker to terminate the quoted identifier and inject SQL. This vulnerability is fixed in 0.45.2 and 1.0.0-beta.20.
CVE-2026-1999 1 Github 1 Enterprise Server 2026-04-15 6.5 Medium
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affected repositories that allow forking as the attack relies on opening a pull request from an attacker-controlled fork into the target repository. Exploitation was only possible in specific scenarios. It required a clean pull request status and only applied to branches without branch protection rules enabled. This vulnerability affected GitHub Enterprise Server versions prior to 3.19.2, 3.18.5, and 3.17.11, and was fixed in versions 3.19.2, 3.18.5, and 3.17.11. This vulnerability was reported via the GitHub Bug Bounty program.