Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47558 | 2025-07-03 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a before 8.6.13.
|
|||||
| CVE-2024-10762 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | 8.1 HIGH |
|
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This vulnerability allows low-privilege users to delete evaluators data, causing permanent data loss and potentially hindering operations.
|
|||||
| CVE-2025-1074 | 1 Webkul | 1 Qloapps | 2025-07-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.
|
|||||
| CVE-2024-13203 | 1 Kurniaramadhan | 1 E-commerce-php | 2025-07-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-0526 | 2 Microsoft, Octopus | 2 Windows, Octopus Server | 2025-07-02 | N/A | 5.4 MEDIUM |
|
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
|
|||||
| CVE-2024-31368 | 1 Pencidesign | 1 Soledad | 2025-07-02 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
|
|||||
| CVE-2024-31367 | 1 Pencidesign | 1 Soledad | 2025-07-02 | N/A | 7.1 HIGH |
|
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
|
|||||
| CVE-2025-6864 | 1 Seacms | 1 Seacms | 2025-07-01 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6865 | 1 Daicuo | 1 Daicuo | 2025-07-01 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-38057 | 1 Themehunk | 1 Th Advance Product Search | 2025-06-30 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.
|
|||||
| CVE-2025-53323 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.
|
|||||
| CVE-2025-52824 | 2025-06-30 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
|
|||||
| CVE-2025-53288 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2.
|
|||||
| CVE-2025-53266 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.
|
|||||
| CVE-2025-53255 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.
|
|||||
| CVE-2025-53200 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.
|
|||||
| CVE-2025-53293 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.
|
|||||
| CVE-2025-53284 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1.
|
|||||
| CVE-2025-52817 | 2025-06-30 | N/A | 8.2 HIGH | ||
|
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0.
|
|||||
| CVE-2025-53318 | 2025-06-30 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.
|
|||||
| CVE-2025-53304 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through 1.1.4.
|
|||||
| CVE-2025-52818 | 2025-06-30 | N/A | 8.2 HIGH | ||
|
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2.
|
|||||
| CVE-2025-53295 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6.
|
|||||
| CVE-2025-32281 | 2025-06-30 | N/A | 9.8 CRITICAL | ||
|
Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.
|
|||||
| CVE-2021-28141 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-30 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on t ...
Show More |
|||||
| CVE-2023-40670 | 1 Wpdeveloper | 1 Reviewx | 2025-06-27 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
|
|||||
| CVE-2024-3609 | 1 Wpdeveloper | 1 Reviewx | 2025-06-27 | N/A | 4.3 MEDIUM |
|
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
|
|||||
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-32254 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1.
|
|||||
| CVE-2025-6476 | 1 Oretnom23 | 1 Gym Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.
|
|||||
| CVE-2024-50628 | 1 Digi | 7 Connectport Lts 16, Connectport Lts 16 Mei, Connectport Lts 16 Mei 2ac and 4 more | 2025-06-27 | N/A | 8.8 HIGH |
|
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.
|
|||||
| CVE-2025-27583 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | N/A | 9.1 CRITICAL |
|
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
|
|||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5812 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
|
The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings.
|
|||||
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
|
|||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
|
|||||
| CVE-2024-54252 | 2025-06-25 | N/A | 6.3 MEDIUM | ||
|
Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6.
|
|||||
| CVE-2025-32045 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 5.3 MEDIUM |
|
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.
|
|||||