Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46489 | 2025-04-24 | N/A | N/A | ||
| Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1. | |||||
| CVE-2025-46519 | 2025-04-24 | N/A | N/A | ||
| Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Downloader: from n/a through 1.3.1. | |||||
| CVE-2025-46470 | 2025-04-24 | N/A | N/A | ||
| Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Hashtags [#hashtagger]: from n/a through 7.2.3. | |||||
| CVE-2022-41807 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2025-04-24 | N/A | 6.5 MEDIUM |
| Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | |||||
| CVE-2022-44009 | 1 Stackstorm | 1 Stackstorm | 2025-04-24 | N/A | 7.5 HIGH |
| Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information. | |||||
| CVE-2022-39102 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-39100 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-39101 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2021-47662 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Due to missing authorization an unauthenticated remote attackerĀ can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. | |||||
| CVE-2025-3058 | 2025-04-24 | N/A | 8.8 HIGH | ||
| The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13307 | 2025-04-24 | N/A | 5.3 MEDIUM | ||
| The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user. | |||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42776 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. | |||||
| CVE-2022-42782 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42777 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-42778 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. | |||||
| CVE-2022-39098 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-39097 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-39094 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||
| CVE-2022-39091 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 7.8 HIGH |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | |||||