Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4317 | 1 Postgresql | 1 Postgresql | 2025-03-28 | N/A | 4.3 MEDIUM |
| Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. | |||||
| CVE-2025-20125 | 1 Cisco | 1 Identity Services Engine | 2025-03-28 | N/A | 7.2 HIGH |
| A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. | |||||
| CVE-2024-12336 | 1 Codexpert | 1 Wc Affiliate | 2025-03-28 | N/A | 6.5 MEDIUM |
| The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive affiliate data, including personally identifiable information (PII). | |||||
| CVE-2025-1657 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | N/A | 8.8 HIGH |
| The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized. | |||||
| CVE-2025-1667 | 1 Igexsolutions | 1 Wpschoolpress | 2025-03-28 | N/A | 4.3 MEDIUM |
| The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators. | |||||
| CVE-2025-26956 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | |||||
| CVE-2023-52642 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN. | |||||
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2025-03-27 | N/A | 4.3 MEDIUM |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | |||||
| CVE-2025-22673 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5. | |||||
| CVE-2025-22667 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2. | |||||
| CVE-2025-22629 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2. | |||||
| CVE-2025-22665 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4. | |||||
| CVE-2025-22770 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6. | |||||
| CVE-2025-22668 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2. | |||||
| CVE-2025-22671 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through 1.0.2. | |||||
| CVE-2025-22647 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. | |||||
| CVE-2025-22670 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2. | |||||
| CVE-2023-6821 | 1 Bestwebsoft | 1 Error Log Viewer | 2025-03-27 | N/A | 6.5 MEDIUM |
| The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization | |||||
| CVE-2025-30772 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. | |||||
| CVE-2025-30883 | 2025-03-27 | N/A | N/A | ||
| Missing Authorization vulnerability in richplugins Trust.Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trust.Reviews: from n/a through 2.3. | |||||