Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0238 | 1 Myeventon | 1 Eventon | 2025-06-02 | N/A | 6.1 MEDIUM |
| The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. | |||||
| CVE-2025-4597 | 2025-05-30 | N/A | 6.5 MEDIUM | ||
| The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | |||||
| CVE-2018-10207 | 1 Vaultize | 1 Enterprise File Sharing | 2025-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format. | |||||
| CVE-2025-48138 | 1 Bertha | 1 Bertha Ai | 2025-05-30 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11. | |||||
| CVE-2024-23752 | 1 Gabrieleventuri | 1 Pandasai | 2025-05-30 | N/A | 9.8 CRITICAL |
| GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. | |||||
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2025-05-30 | N/A | 6.5 MEDIUM |
| The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | |||||
| CVE-2023-49757 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10. | |||||
| CVE-2023-48324 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4. | |||||
| CVE-2023-45760 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3. | |||||
| CVE-2023-46309 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10. | |||||
| CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2025-05-29 | N/A | 9.8 CRITICAL |
| A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | |||||
| CVE-2025-46823 | 2025-05-29 | N/A | N/A | ||
| openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch. | |||||
| CVE-2024-8437 | 1 Plugingarden | 1 Wp Easy Gallery | 2025-05-29 | N/A | 4.3 MEDIUM |
| The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. | |||||
| CVE-2023-42681 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
| In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
| CVE-2023-42698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 5.5 MEDIUM |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42706 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
| In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
| CVE-2023-42747 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
| In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
| CVE-2023-42736 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | N/A | 7.8 HIGH |
| In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | |||||