Export limit exceeded: 357835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7106 | 2 Jgrodgers, Wordpress | 2 Highland Software Custom Role Manager, Wordpress | 2026-04-29 | 8.8 High |
| The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update action accessible by any authenticated user. This makes it possible for authenticated attackers, with Subscriber-level access or higher, to potentially modify user roles via the profile update form. | ||||
| CVE-2024-11218 | 1 Redhat | 7 Enterprise Linux, Openshift, Openshift Ironic and 4 more | 2026-04-29 | 8.6 High |
| A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. | ||||
| CVE-2025-43248 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 7.8 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-37560 | 1 Iqbalrony | 1 Wp User Switch | 2026-04-28 | 8 High |
| Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | ||||
| CVE-2024-37952 | 1 Themeenergy | 2 Book Your Travel, Bookyourtravel | 2026-04-28 | 8.8 High |
| Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | ||||
| CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2026-04-28 | 7.2 High |
| Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | ||||
| CVE-2023-51425 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||||
| CVE-2023-51424 | 1 Saleswonder | 1 Webinarignition | 2026-04-28 | 9.8 Critical |
| Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0. | ||||
| CVE-2023-47868 | 1 Gvectors | 1 Wpforo Forum | 2026-04-28 | 7.3 High |
| Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. | ||||
| CVE-2023-46145 | 1 Themify | 1 Ultra | 2026-04-28 | 8.8 High |
| Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
| CVE-2023-41665 | 1 Givewp | 1 Givewp | 2026-04-28 | 8.8 High |
| Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | ||||
| CVE-2023-26540 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-28 | 9.8 Critical |
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | ||||
| CVE-2023-25701 | 2 Watchtowerhq, Wordpress | 2 Watchtower, Wordpress | 2026-04-28 | 9.8 Critical |
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | ||||
| CVE-2022-42888 | 1 Armemberplugin | 1 Armember | 2026-04-28 | 9.8 Critical |
| Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. | ||||
| CVE-2026-6741 | 2 Latepoint, Wordpress | 2 Latepoint – Calendar Booking Plugin For Appointments And Events, Wordpress | 2026-04-28 | 8.8 High |
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, which only requires the customer__edit capability granted to the latepoint_agent role by default, without verifying whether the target WordPress user ID belongs to a privileged account. This makes it possible for authenticated attackers with the latepoint_agent role to link any LatePoint customer record to an administrator's WordPress account and subsequently reset the administrator's password via the normal customer password-reset flow, resulting in full site takeover. | ||||
| CVE-2025-69689 | 1 Rem0o | 1 Fan Control | 2026-04-28 | 8.8 High |
| The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges. | ||||
| CVE-2025-24254 | 1 Apple | 1 Macos | 2026-04-28 | 8.8 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user may be able to elevate privileges. | ||||
| CVE-2025-31222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-28 | 7.8 High |
| A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges. | ||||
| CVE-2025-31243 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges. | ||||
| CVE-2025-43249 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges. | ||||