Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9586 | 1 Linkz.ai | 1 Linkz.ai | 2025-01-29 | N/A | 6.5 MEDIUM |
|
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.
|
|||||
| CVE-2023-31047 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2025-01-29 | N/A | 9.8 CRITICAL |
|
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
|
|||||
| CVE-2024-11852 | 1 Bdthemes | 1 Element Pack | 2025-01-29 | N/A | 4.3 MEDIUM |
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates.
|
|||||
| CVE-2024-24840 | 1 Bdthemes | 1 Element Pack | 2025-01-29 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
|
|||||
| CVE-2022-47493 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-47492 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-47490 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48245 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48244 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48243 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2024-1042 | 1 Wpmilitary | 1 Wp Radio | 2025-01-28 | N/A | 6.4 MEDIUM |
|
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.
|
|||||
| CVE-2022-48368 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48250 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48249 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48248 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48247 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48246 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2024-4875 | 1 Hasthemes | 1 Ht Mega | 2025-01-28 | N/A | 4.3 MEDIUM |
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.
|
|||||
| CVE-2022-48371 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
|
|||||
| CVE-2022-48370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
|
|||||
| CVE-2022-48369 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48242 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
|
|||||
| CVE-2022-48384 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48383 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
.In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48379 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48378 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48377 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48376 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48375 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2024-1870 | 1 Extendthemes | 1 Colibri Page Builder | 2025-01-28 | N/A | 4.3 MEDIUM |
|
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.
|
|||||
| CVE-2024-28004 | 1 Extendthemes | 1 Colibri Page Builder | 2025-01-28 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.
|
|||||
| CVE-2022-48388 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-44433 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
|
In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2024-1108 | 1 Davidcramer | 1 Plugin Groups | 2025-01-28 | N/A | 6.5 MEDIUM |
|
The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.
|
|||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
|
|||||
| CVE-2024-1861 | 1 Billminozzi | 1 Anti Hacker | 2025-01-27 | N/A | 4.3 MEDIUM |
|
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.
|
|||||
| CVE-2024-1389 | 1 Cozmoslabs | 1 Membership \& Content Restriction - Paid Member Subscriptions | 2025-01-27 | N/A | 5.3 MEDIUM |
|
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.
|
|||||
| CVE-2025-24747 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.
|
|||||
| CVE-2025-24744 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.
|
|||||
| CVE-2025-24743 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.
|
|||||