Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26375 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 8.8 HIGH |
|
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
|
|||||
| CVE-2023-41243 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-04-10 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
|
|||||
| CVE-2025-26871 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-10 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.
|
|||||
| CVE-2025-21498 | 1 Oracle | 1 Http Server | 2025-04-10 | N/A | 5.3 MEDIUM |
|
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR: ...
Show More |
|||||
| CVE-2022-39084 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39083 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39082 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39081 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-38684 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-38683 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-38682 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-38678 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2024-10591 | 1 Makewebbetter | 1 Hubspot For Woocommerce | 2025-04-10 | N/A | 8.8 HIGH |
|
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to ...
Show More |
|||||
| CVE-2022-44439 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44438 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44436 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44434 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44424 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44423 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44422 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-39104 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-39088 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2023-41848 | 1 Majeedraza | 1 Carousel Slider | 2025-04-10 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.
|
|||||
| CVE-2025-31004 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0.
|
|||||
| CVE-2025-32684 | 2025-04-09 | N/A | 5.0 MEDIUM | ||
|
Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32.
|
|||||
| CVE-2025-31012 | 2025-04-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.
|
|||||
| CVE-2025-32624 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5.
|
|||||
| CVE-2025-31042 | 2025-04-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in rtakao Sandwich Adsense allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sandwich Adsense: from n/a through 4.0.2.
|
|||||
| CVE-2025-31377 | 2025-04-09 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through 1.9.0.
|
|||||
| CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 3.1 LOW |
|
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
|
|||||
| CVE-2022-3923 | 1 Activecampaign | 1 Activecampaign For Woocommerce | 2025-04-09 | N/A | 4.3 MEDIUM |
|
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
|
|||||
| CVE-2024-53473 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 7.5 HIGH |
|
WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
|
|||||
| CVE-2023-39993 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.
|
|||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 4.3 MEDIUM |
|
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title
|
|||||
| CVE-2025-28872 | 1 Jwpegram | 1 Block Spam By Math Reloaded | 2025-04-09 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4.
|
|||||
| CVE-2009-3781 | 1 Quicksketch | 1 Filefield | 2025-04-09 | 7.5 HIGH | N/A |
|
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
|
|||||
| CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
|
|||||