Total
5352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | 4.3 Medium |
| A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | ||||
| CVE-2024-50628 | 1 Digi | 7 Connectport Lts 16, Connectport Lts 16 Mei, Connectport Lts 16 Mei 2ac and 4 more | 2025-06-27 | 8.8 High |
| An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. | ||||
| CVE-2025-27583 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 9.1 Critical |
| Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. | ||||
| CVE-2025-25953 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 6.5 Medium |
| Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. | ||||
| CVE-2025-5701 | 2 Siteheart, Wordpress | 2 Hypercomments Plugin, Wordpress | 2025-06-27 | 9.8 Critical |
| The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-23766 | 2 Ashamil, Wordpress | 2 Opsi Israel Domestic Shipments, Wordpress | 2025-06-27 | 6.5 Medium |
| Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6. | ||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-49880 | 2025-06-26 | 4.3 Medium | ||
| Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5. | ||||
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | 4.3 Medium |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | ||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2024-54252 | 2025-06-25 | 6.3 Medium | ||
| Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6. | ||||
| CVE-2025-32045 | 1 Moodle | 1 Moodle | 2025-06-24 | 5.3 Medium |
| A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | ||||
| CVE-2024-37903 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | 8.2 High |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue. | ||||
| CVE-2025-49265 | 1 Wpswings | 1 Membership For Woocommerce | 2025-06-24 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1. | ||||
| CVE-2025-30957 | 1 Buddydev | 1 Activity Plus Reloaded For Buddypress | 2025-06-24 | 5.4 Medium |
| Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. | ||||
| CVE-2025-49241 | 1 Bobbingwide | 1 Oik | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. | ||||
| CVE-2025-39447 | 1 Crocoblock | 1 Jetelements For Elementor | 2025-06-24 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | ||||
| CVE-2025-39460 | 1 Thimpress | 1 Eduma | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4. | ||||
| CVE-2025-39511 | 1 Valvepress | 1 Pinterest Automatic Pin | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2. | ||||