Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5812 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
| The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings. | |||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | N/A |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | |||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2024-0236 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom) | |||||
| CVE-2023-48339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 4.4 MEDIUM |
| In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | |||||
| CVE-2024-0235 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog | |||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2025-06-20 | N/A | 8.3 HIGH |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2023-5905 | 1 Demomentsomtres | 1 Export Posts With Images | 2025-06-20 | N/A | 8.1 HIGH |
| The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts. | |||||
| CVE-2023-6554 | 1 Tecnick | 1 Tcexam | 2025-06-20 | N/A | 6.5 MEDIUM |
| When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. | |||||
| CVE-2023-40362 | 1 Centralsquare | 1 Click2gov Building Permit | 2025-06-20 | N/A | 4.3 MEDIUM |
| An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | |||||
| CVE-2025-49982 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5. | |||||
| CVE-2025-50009 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3. | |||||
| CVE-2025-49991 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14. | |||||
| CVE-2025-49987 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13. | |||||
| CVE-2025-50034 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1. | |||||
| CVE-2025-49973 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9. | |||||
| CVE-2025-49990 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4. | |||||
| CVE-2025-49988 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38. | |||||
| CVE-2025-49993 | 2025-06-20 | N/A | N/A | ||
| Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1. | |||||