Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50504 | 2026-04-23 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1. | |||||
| CVE-2024-50485 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5. | |||||
| CVE-2024-50481 | 2026-04-23 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1. | |||||
| CVE-2024-49644 | 2026-04-23 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4. | |||||
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2026-04-23 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. | |||||
| CVE-2024-43153 | 1 Xtendify | 1 Woffice | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10. | |||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. | |||||
| CVE-2024-32959 | 1 Sirv | 1 Sirv | 2026-04-23 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. | |||||
| CVE-2024-32555 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9. | |||||
| CVE-2024-32507 | 2026-04-23 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16. | |||||
| CVE-2024-32444 | 1 Inspirythemes | 1 Realhomes | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6. | |||||
| CVE-2024-22145 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | |||||
| CVE-2026-4013 | 2026-04-22 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely. | |||||
| CVE-2026-3671 | 2026-04-22 | 1.7 LOW | 3.3 LOW | ||
| A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-27983 | 2026-04-22 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | |||||
| CVE-2026-24963 | 2026-04-22 | N/A | 7.2 HIGH | ||
| Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through <= 1.2.38. | |||||
| CVE-2026-33519 | 2026-04-22 | N/A | 9.8 CRITICAL | ||
| An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials. | |||||
| CVE-2026-33518 | 2026-04-22 | N/A | 9.8 CRITICAL | ||
| An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected. | |||||
| CVE-2026-27668 | 2026-04-17 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level. | |||||
| CVE-2025-10725 | 2026-04-15 | N/A | 9.9 CRITICAL | ||
| A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it. | |||||