Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30514 | 2025-04-15 | N/A | N/A | ||
| Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). | |||||
| CVE-2025-30254 | 2025-04-15 | N/A | N/A | ||
| An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. | |||||
| CVE-2025-27568 | 2025-04-15 | N/A | N/A | ||
| An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request. | |||||
| CVE-2025-24487 | 2025-04-15 | N/A | N/A | ||
| An unauthenticated attacker can infer the existence of usernames in the system by querying an API. | |||||
| CVE-2025-27939 | 2025-04-15 | N/A | N/A | ||
| An attacker can change registered email addresses of other users and take over arbitrary accounts. | |||||
| CVE-2025-27938 | 2025-04-15 | N/A | N/A | ||
| Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). | |||||
| CVE-2025-26977 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 7.2 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1. | |||||
| CVE-2025-3575 | 2025-04-15 | N/A | N/A | ||
| Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint. | |||||
| CVE-2025-3574 | 2025-04-15 | N/A | N/A | ||
| Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint. | |||||
| CVE-2022-4097 | 1 Updraftplus | 1 All-in-one Security | 2025-04-14 | N/A | 5.3 MEDIUM |
| The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | |||||
| CVE-2024-12335 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | N/A | 4.3 MEDIUM |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |||||
| CVE-2024-47316 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9. | |||||
| CVE-2024-10670 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-04-11 | N/A | 4.3 MEDIUM |
| The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | |||||
| CVE-2025-32373 | 2025-04-09 | N/A | N/A | ||
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. | |||||
| CVE-2025-28874 | 1 Shanebp | 1 Bp Email Assign Templates | 2025-04-09 | N/A | 4.9 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6. | |||||
| CVE-2025-2526 | 2025-04-08 | N/A | 8.8 HIGH | ||
| The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | |||||
| CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2025-04-04 | N/A | 7.5 HIGH |
| The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. | |||||
| CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. | |||||
| CVE-2023-4836 | 1 Userprivatefiles | 1 Wordpress File Sharing Plugin | 2025-04-03 | N/A | 4.3 MEDIUM |
| The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced | |||||
| CVE-2025-31833 | 2025-04-01 | N/A | N/A | ||
| Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7. | |||||