Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48138 | 1 Bertha | 1 Bertha Ai | 2025-05-30 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
|
|||||
| CVE-2024-23752 | 1 Gabrieleventuri | 1 Pandasai | 2025-05-30 | N/A | 9.8 CRITICAL |
|
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.
|
|||||
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2025-05-30 | N/A | 6.5 MEDIUM |
|
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
|
|||||
| CVE-2023-48324 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4.
|
|||||
| CVE-2023-49757 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10.
|
|||||
| CVE-2023-49857 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.7.
|
|||||
| CVE-2023-45760 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3.
|
|||||
| CVE-2024-32715 | 1 Olivethemes | 1 Olive One Click Demo Import | 2025-05-29 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.
|
|||||
| CVE-2023-46309 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10.
|
|||||
| CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2025-05-29 | N/A | 9.8 CRITICAL |
|
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.
|
|||||
| CVE-2024-32792 | 1 Incsub | 1 Hummingbird | 2025-05-29 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.
|
|||||
| CVE-2024-8437 | 1 Plugingarden | 1 Wp Easy Gallery | 2025-05-29 | N/A | 4.3 MEDIUM |
|
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
|
|||||
| CVE-2023-42706 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 5.5 MEDIUM |
|
In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-42698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 5.5 MEDIUM |
|
In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-42685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
|
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2023-42681 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
|
In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2023-42747 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
|
In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2023-42736 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
|
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | N/A | 6.4 MEDIUM |
|
Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.
|
|||||
| CVE-2024-37444 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.
|
|||||
| CVE-2024-39635 | 1 Kainelabs | 1 Youzify | 2025-05-28 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.
|
|||||
| CVE-2024-12113 | 1 Kainelabs | 1 Youzify | 2025-05-28 | N/A | 4.3 MEDIUM |
|
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews.
|
|||||
| CVE-2025-1813 | 1 Zframeworks | 1 Zz | 2025-05-28 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-43158 | 1 Masteriyo | 1 Masteriyo | 2025-05-28 | N/A | 7.5 HIGH |
|
Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.4.
|
|||||
| CVE-2024-43159 | 1 Masteriyo | 1 Masteriyo | 2025-05-28 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.6.
|
|||||
| CVE-2023-50904 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0.
|
|||||
| CVE-2023-45766 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1.
|
|||||
| CVE-2024-56295 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6.
|
|||||
| CVE-2024-3601 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 5.3 MEDIUM |
|
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time.
|
|||||
| CVE-2025-24577 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.
|
|||||
| CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-05-28 | N/A | 8.8 HIGH |
|
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.
|
|||||
| CVE-2025-28103 | 1 Dogukanurker | 1 Flaskblog | 2025-05-28 | N/A | 6.4 MEDIUM |
|
Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
|
|||||
| CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | N/A | 6.5 MEDIUM |
|
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
|
|||||
| CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
|
|||||
| CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2025-05-28 | N/A | 4.3 MEDIUM |
|
A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
|||||
| CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2025-05-28 | N/A | 5.4 MEDIUM |
|
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.
|
|||||
| CVE-2022-41234 | 1 Jenkins | 1 Rundeck | 2025-05-28 | N/A | 8.8 HIGH |
|
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
|
|||||
| CVE-2022-41233 | 1 Jenkins | 1 Rundeck | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.
|
|||||
| CVE-2022-41230 | 1 Jenkins | 1 Build-publisher | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.
|
|||||
| CVE-2025-40673 | 2025-05-28 | N/A | N/A | ||
|
A Missing Authorization vulnerability has been found in DinoRANK. This
vulnerability allows an attacker to access invoices of any user via
accessing endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf' because there
is no access control. The pdf filename can be obtained via OSINT,
insecure network traffic or brute force.
|
|||||