ReportizFlow
Filtered by vendor
Subscriptions
Total
895 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56000 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0. | ||||
| CVE-2024-49322 | 1 Codepassenger | 1 Job Board Manager For Wordpress | 2026-04-29 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through <= 1.0. | ||||
| CVE-2024-37927 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-04-29 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through <= 4.7.5. | ||||
| CVE-2025-47631 | 2026-04-28 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. | ||||
| CVE-2025-39366 | 2026-04-28 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | ||||
| CVE-2025-31643 | 2 Dasinfomedia, Wordpress | 2 Wpchurch Church Management System, Wordpress | 2026-04-28 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. | ||||
| CVE-2025-29004 | 2 Aa-team, Wordpress | 3 Premium Age Verification Restriction For Wordpress, Responsive Coming Soon Landing Page Holding Page For Wordpress, Wordpress | 2026-04-28 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. | ||||
| CVE-2024-51800 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2026-04-28 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1. | ||||
| CVE-2024-43333 | 2026-04-28 | 7.5 High | ||
| Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1. | ||||
| CVE-2025-43260 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 5.1 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps. | ||||
| CVE-2026-22337 | 2 Directorist, Wordpress | 2 Directorist Social Login, Wordpress | 2026-04-28 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4. | ||||
| CVE-2026-7142 | 1 Wooey | 1 Wooey | 2026-04-28 | 6.3 Medium |
| A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.13.3rc1 and 0.14.0 is sufficient to resolve this issue. This patch is called f7846fc0c323da8325422cab32623491757f1b88. The affected component should be upgraded. | ||||
| CVE-2026-7109 | 1 Code-projects | 1 Invoice System In Laravel | 2026-04-28 | 5.3 Medium |
| A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6977 | 1 Vanna-ai | 1 Vanna | 2026-04-27 | 7.3 High |
| A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-25720 | 1 Redhat | 3 Enterprise Linux, Openshift, Storage | 2026-04-27 | 7.5 High |
| A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. | ||||
| CVE-2026-7091 | 1 Code-projects | 1 Invoice System In Laravel | 2026-04-27 | 6.3 Medium |
| A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-7093 | 1 Code-projects | 1 Invoice System In Laravel | 2026-04-27 | 6.3 Medium |
| A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-69378 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Product Filter For Woocommerce | 2026-04-27 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2. | ||||
| CVE-2025-58710 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0. | ||||
| CVE-2026-40224 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-04-27 | 6.7 Medium |
| In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. | ||||