Search Results (12438 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25406 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-28 | 8.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse. This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. | ||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2026-04-28 | 4.3 Medium |
| Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21. | ||||
| CVE-2023-51482 | 1 Eazyplugins | 1 Eazy Plugin Manager | 2026-04-28 | 9.9 Critical |
| Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2. | ||||
| CVE-2023-51478 | 2 Buildapp, Rahamsolutions | 2 Build App Online, Build App Online | 2026-04-28 | 9.8 Critical |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. | ||||
| CVE-2023-51477 | | | 2026-04-28 | 9.8 Critical |
| Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60. | ||||
| CVE-2023-51472 | | | 2026-04-28 | 9.8 Critical |
| Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | ||||
| CVE-2023-51471 | 1 Wordpress | 1 Checkout Mestres | 2026-04-28 | 8.2 High |
| Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | ||||
| CVE-2023-51405 | 1 Reputeinfosystems | 1 Bookingpress | 2026-04-28 | 8.2 High |
| Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BookingPress: from n/a through 1.0.74. | ||||
| CVE-2023-47504 | 1 Elementor | 1 Website Builder | 2026-04-28 | 6.5 Medium |
| Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Elementor Website Builder: from n/a through 3.16.4. | ||||
| CVE-2023-47189 | 1 Wpmudev | 2 Defender, Defender Security | 2026-04-28 | 5.3 Medium |
| Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.2.0. | ||||
| CVE-2023-46630 | | | 2026-04-28 | 7.5 High |
| Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1. | ||||
| CVE-2023-32238 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-04-28 | 5.4 Medium |
| Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery). This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | ||||
| CVE-2023-25790 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-28 | 5.3 Medium |
| Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS). This issue affects WoodMart: from n/a through 7.0.4. | ||||
| CVE-2022-44595 | 1 Melapress | 1 Wp 2fa | 2026-04-28 | 5.3 Medium |
| Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0. | ||||
| CVE-2022-40216 | 1 Wordplus | 1 Better Messages | 2026-04-28 | 4.3 Medium |
| Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | ||||
| CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2026-04-28 | 4.3 Medium |
| Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | ||||
| CVE-2022-34839 | 1 Codexshaper | 1 Wp Oauth2 Server | 2026-04-28 | 5.9 Medium |
| Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2026-04-28 | 8.8 High |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass. This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | ||||
| CVE-2026-35245 | 1 Oracle | 1 Vm Virtualbox | 2026-04-28 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2026-41428 | 1 Budibase | 1 Budibase | 2026-04-28 | 9.1 Critical |
| Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?x=/api/system/status bypasses all authentication because the regex /api/system/status/ matches in the query string portion of the URL. This vulnerability is fixed in 3.35.4. | ||||