Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37903 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | N/A | 8.2 HIGH |
|
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue.
|
|||||
| CVE-2025-49976 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.
|
|||||
| CVE-2025-50010 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.
|
|||||
| CVE-2025-49981 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in mahabub81 User Roles and Capabilities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Roles and Capabilities: from n/a through 1.2.6.
|
|||||
| CVE-2025-49987 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.
|
|||||
| CVE-2025-49986 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7.
|
|||||
| CVE-2025-50009 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.
|
|||||
| CVE-2025-52802 | 2025-06-23 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Import YouTube videos as WP Posts: from n/a through 2.1.
|
|||||
| CVE-2025-49971 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2.
|
|||||
| CVE-2025-49969 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2.
|
|||||
| CVE-2025-49974 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0.
|
|||||
| CVE-2025-49970 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6.
|
|||||
| CVE-2025-49989 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in App Cheap App Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Builder: from n/a through 5.5.3.
|
|||||
| CVE-2025-49980 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6.
|
|||||
| CVE-2025-49990 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4.
|
|||||
| CVE-2025-49998 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5.
|
|||||
| CVE-2025-50008 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through 1.2.4.5.
|
|||||
| CVE-2025-49979 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1.
|
|||||
| CVE-2025-49988 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38.
|
|||||
| CVE-2025-49997 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.
|
|||||
| CVE-2025-49982 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5.
|
|||||
| CVE-2025-49993 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.
|
|||||
| CVE-2025-50034 | 2025-06-23 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1.
|
|||||
| CVE-2025-49973 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9.
|
|||||
| CVE-2025-49996 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.
|
|||||
| CVE-2025-49991 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
|
|||||
| CVE-2024-53591 | 1 Seclore | 1 Seclore | 2025-06-23 | N/A | 9.8 CRITICAL |
|
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
|
|||||
| CVE-2024-0236 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
|
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
|
|||||
| CVE-2024-0235 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
|
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
|
|||||
| CVE-2023-48339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 4.4 MEDIUM |
|
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
|
|||||
| CVE-2023-6554 | 1 Tecnick | 1 Tcexam | 2025-06-20 | N/A | 6.5 MEDIUM |
|
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
|
|||||
| CVE-2023-5905 | 1 Demomentsomtres | 1 Export Posts With Images | 2025-06-20 | N/A | 8.1 HIGH |
|
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.
|
|||||
| CVE-2023-40362 | 1 Centralsquare | 1 Click2gov Building Permit | 2025-06-20 | N/A | 4.3 MEDIUM |
|
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
|
|||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2025-06-20 | N/A | 9.9 CRITICAL |
|
Aria Automation contains a Missing Access Control vulnerability.
An authenticated malicious actor may
exploit this vulnerability leading to unauthorized access to remote
organizations and workflows.
|
|||||
| CVE-2025-5033 | 1 Teacms Project | 1 Teacms | 2025-06-20 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-48013 | 1 Quick Node Block Project | 1 Quick Node Block | 2025-06-20 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
|
|||||
| CVE-2025-48444 | 1 Quick Node Block Project | 1 Quick Node Block | 2025-06-20 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
|
|||||
| CVE-2023-42358 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-06-18 | N/A | 7.7 HIGH |
|
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.
|
|||||
| CVE-2025-23999 | 2025-06-18 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13.
|
|||||
| CVE-2023-32295 | 1 Easyappointments | 1 Easy\!appointments | 2025-06-17 | N/A | 6.3 MEDIUM |
|
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
|
|||||