Total
7678 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40839 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 2.4 Low |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | ||||
| CVE-2025-43318 | 1 Apple | 1 Macos | 2026-04-02 | 6.2 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information. | ||||
| CVE-2025-30461 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | ||||
| CVE-2025-24245 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords. | ||||
| CVE-2024-44208 | 1 Apple | 1 Macos | 2026-04-02 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-43497 | 1 Apple | 1 Macos | 2026-04-02 | 5.2 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||||
| CVE-2025-24108 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. | ||||
| CVE-2025-43331 | 1 Apple | 1 Macos | 2026-04-02 | 4 Medium |
| A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | ||||
| CVE-2025-68072 | 2 Merv Barrett, Wordpress | 2 Easy Property Listings, Wordpress | 2026-04-02 | 6.5 Medium |
| Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.20. | ||||
| CVE-2025-15400 | 2 Openpix, Wordpress | 2 Pix Para Woocommerce, Wordpress | 2026-04-02 | 6.5 Medium |
| The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality. | ||||
| CVE-2026-0829 | 2 Frontend File Manager Plugin, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-04-02 | 5.8 Medium |
| The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information. | ||||
| CVE-2025-15445 | 2 Restaurant Cafeteria, Wordpress | 2 Restaurant Cafeteria, Wordpress | 2026-04-02 | 5.4 Medium |
| The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings. | ||||
| CVE-2026-21668 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2026-04-02 | 8.8 High |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | ||||
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11. | ||||
| CVE-2026-32586 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3. | ||||
| CVE-2026-32565 | 2 Webberzone, Wordpress | 2 Contextual Related Posts, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2. | ||||
| CVE-2026-27091 | 2 Uipress, Wordpress | 2 Uipress Lite, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||||
| CVE-2026-25312 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||||
| CVE-2026-25443 | 2 Dotstore, Wordpress | 2 Fraud Prevention For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-33638 | 2 Ech0, Lin-snow | 2 Ech0, Ech0 | 2026-04-02 | 5.3 Medium |
| Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A fix is available in v4.2.0. | ||||