Total: 6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25014 | 1 In2code | 1 Femanager | 2025-03-26 | N/A | 8.6 HIGH |
|
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
|
|||||
| CVE-2022-47367 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2022-47325 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47324 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47361 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 7.8 HIGH |
|
In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
|
|||||
| CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47359 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47358 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47357 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47341 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 6.7 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
|
|||||
| CVE-2022-47339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 6.7 MEDIUM |
|
In cmd services, there is an OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
|
|||||
| CVE-2022-47329 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47328 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47326 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-48166 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
|
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
|
|||||
| CVE-2025-2025 | 1 Givewp | 1 Givewp | 2025-03-25 | N/A | 6.5 MEDIUM |
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports.
|
|||||
| CVE-2022-47327 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2024-43045 | 1 Jenkins | 1 Jenkins | 2025-03-25 | N/A | 6.3 MEDIUM |
|
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".
|
|||||
| CVE-2025-30107 | | | 2025-03-24 | N/A | 7.5 HIGH |
|
On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle.
|
|||||
| CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
|
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2025-1504 | 1 Andypalmer | 1 Post Lockdown | 2025-03-24 | N/A | 4.3 MEDIUM |
|
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
|
|||||
| CVE-2025-1325 | 1 Plechevandrey | 1 Wp-recall | 2025-03-24 | N/A | 6.3 MEDIUM |
|
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
|
|||||
| CVE-2024-31297 | 1 Wpexperts | 1 Wholesale For Woocommerce | 2025-03-24 | N/A | 7.5 HIGH |
|
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
|
|||||
| CVE-2024-30469 | 1 Wpexperts | 1 Wholesale For Woocommerce | 2025-03-24 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
|
|||||
| CVE-2024-38707 | 1 Wpdeveloper | 1 Embedpress | 2025-03-24 | N/A | 6.3 MEDIUM |
|
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmbedPress: from n/a through 4.0.4.
|
|||||
| CVE-2024-54542 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-24 | N/A | 9.1 CRITICAL |
|
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.
|
|||||
| CVE-2024-13816 | 1 Coderevolution | 1 Aiomatic | 2025-03-24 | N/A | 5.4 MEDIUM |
|
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, dele ...
|
|||||
| CVE-2023-6785 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 5.3 MEDIUM |
|
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
|
|||||
| CVE-2023-45631 | 1 Wpdevart | 1 Gallery | 2025-03-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
|
|||||
| CVE-2023-24407 | 1 Wpdevart | 1 Booking Calendar | 2025-03-21 | N/A | 5.0 MEDIUM |
|
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.
|
|||||
| CVE-2024-2043 | 1 Theinnovs | 1 Eleforms | 2025-03-21 | N/A | 5.3 MEDIUM |
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions.
|
|||||
| CVE-2021-25087 | 1 W3eden | 1 Download Manager | 2025-03-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).
|
|||||
| CVE-2024-56217 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a through 3.3.03.
|
|||||
| CVE-2025-24974 | 1 Dataease | 1 Dataease | 2025-03-21 | N/A | 6.5 MEDIUM |
|
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
|
|||||
| CVE-2023-46628 | 1 Redlettuce | 1 Wp Word Count | 2025-03-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Word Count: from n/a through 3.2.4.
|
|||||
| CVE-2025-2103 | 1 Irontemplates | 1 Soundrise | 2025-03-21 | N/A | 8.8 HIGH |
|
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for ...
|
|||||
| CVE-2025-2289 | 1 Zozothemes | 1 Zegen | 2025-03-21 | N/A | 4.3 MEDIUM |
|
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options.
|
|||||
| CVE-2024-56227 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
|
|||||
| CVE-2024-38783 | 1 Tychesoftwares | 1 Arconix Faq | 2025-03-20 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Arconix FAQ: from n/a through 1.9.4.
|
|||||
| CVE-2024-38769 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-03-20 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Arconix Shortcodes: from n/a through 2.1.11.
|
|||||