Total
1688 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12288 | 1 Bdtask | 1 Pharmacare | 2026-04-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edit_user/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-6583 | 2026-04-29 | 5.5 MEDIUM | 5.4 MEDIUM | ||
| A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12854 | 2026-04-29 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. | |||||
| CVE-2026-2697 | 1 Tenable | 1 Security Center | 2026-04-29 | N/A | 6.3 MEDIUM |
| An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | |||||
| CVE-2025-6765 | 1 Intelbras | 1 Incontrol Web | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-6614 | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-40308 | 2026-04-28 | N/A | N/A | ||
| My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site value. On WordPress Multisite installations, this enables an unauthenticated attacker to call switch_to_blog() with an arbitrary site ID and extract calendar events from any sub-site on the network, including private or hidden events. On standard Single Site installations, switch_to_blog() does not exist, causing an uncaught PHP fatal error and crashing the worker thread, creating an unauthenticated denial of service vector. This issue has been fixed in version 3.7.7. | |||||
| CVE-2026-28747 | 2026-04-28 | N/A | 7.1 HIGH | ||
| A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | |||||
| CVE-2026-27397 | 2026-04-28 | N/A | 6.5 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0. | |||||
| CVE-2026-22430 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6. | |||||
| CVE-2026-22426 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2. | |||||
| CVE-2026-22411 | 2026-04-28 | N/A | 3.8 LOW | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6. | |||||
| CVE-2026-22409 | 2026-04-28 | N/A | 3.8 LOW | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2. | |||||
| CVE-2026-22407 | 2026-04-28 | N/A | 3.8 LOW | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1. | |||||
| CVE-2026-22406 | 2026-04-28 | N/A | 3.8 LOW | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | |||||
| CVE-2026-22404 | 2026-04-28 | N/A | 3.8 LOW | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7. | |||||
| CVE-2026-22400 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7. | |||||
| CVE-2026-22398 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0. | |||||
| CVE-2026-22396 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0. | |||||
| CVE-2026-22393 | 2026-04-28 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3. | |||||