Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2025-05-27 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-38512 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | N/A | 6.5 MEDIUM |
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL. | |||||
CVE-2025-39412 | 1 Averta | 1 Master Slider | 2025-05-27 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.10.8. | |||||
CVE-2021-41803 | 1 Hashicorp | 1 Consul | 2025-05-27 | N/A | 7.1 HIGH |
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2. | |||||
CVE-2025-5117 | | | 2025-05-27 | N/A | 8.8 HIGH |
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author-level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form. | |||||
CVE-2025-5185 | | | 2025-05-26 | N/A | 4.3 MEDIUM |
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-40667 | | | 2025-05-26 | N/A | N/A |
Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin. | |||||
CVE-2024-13703 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2025-05-26 | N/A | 4.3 MEDIUM |
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. | |||||
CVE-2025-2104 | 1 Pagelayer | 1 Pagelayer | 2025-05-26 | N/A | 4.3 MEDIUM |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site. | |||||
CVE-2024-13358 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | N/A | 4.3 MEDIUM |
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | |||||
CVE-2025-1780 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | N/A | 4.3 MEDIUM |
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | |||||
CVE-2024-50500 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-26 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2. | |||||
CVE-2025-24607 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-05-23 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71. | |||||
CVE-2025-22289 | 1 Eniture | 1 Ltl Freight Quotes | 2025-05-23 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8. | |||||
CVE-2025-46488 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2. | |||||
CVE-2025-47690 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | |||||
CVE-2025-47529 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. | |||||
CVE-2025-47619 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4. | |||||
CVE-2025-48275 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3. | |||||
CVE-2025-48271 | | | 2025-05-23 | N/A | N/A |
Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1. |