Total
5352 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-39545 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2025-06-24 | 5.4 Medium |
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3. | ||||
CVE-2025-39571 | 1 Wpxpo | 1 Wowstore | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4. | ||||
CVE-2025-3037 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-06-24 | 4.3 Medium |
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
CVE-2025-3257 | 1 Xujiangfei | 1 Admintwo | 2025-06-24 | 4.3 Medium |
A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3624 | 1 Hitachi | 1 Ops Center Analyzer | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | ||||
CVE-2025-47465 | 1 Creativethemes | 1 Blocksy | 2025-06-24 | 4.9 Medium |
Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97. | ||||
CVE-2025-47471 | 1 Envothemes | 1 Envo Extra | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. | ||||
CVE-2025-47485 | 1 Cozythemes | 1 Cozy Blocks | 2025-06-24 | 5.3 Medium |
Missing Authorization vulnerability in CozyThemes Cozy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cozy Blocks: from n/a through 2.1.22. | ||||
CVE-2025-47486 | 1 Cyberchimps | 1 Gutenberg & Elementor Templates Importer For Responsive | 2025-06-24 | 5.3 Medium |
Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9. | ||||
CVE-2025-47563 | 1 Villatheme | 1 Curcy | 2025-06-24 | 5.3 Medium |
Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7. | ||||
CVE-2025-47692 | 1 Contentstudio | 1 Contentstudio | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. | ||||
CVE-2025-47942 | 1 Openedx | 1 Edx-platform | 2025-06-24 | 5.3 Medium |
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. | ||||
CVE-2025-48079 | 1 Metagauss | 1 Profilegrid | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.9.5.1. | ||||
CVE-2025-48242 | 1 Wpwax | 1 Legal Pages | 2025-06-24 | 6.5 Medium |
Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5. | ||||
CVE-2025-4047 | 1 Wpmudev | 1 Broken Link Checker | 2025-06-24 | 4.3 Medium |
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | ||||
CVE-2025-4095 | 1 Docker | 1 Docker Desktop | 2025-06-24 | N/A |
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry. | ||||
CVE-2025-4477 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2025-06-24 | 7.2 High |
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. | ||||
CVE-2025-30624 | 1 Wordlift | 1 Wordlift | 2025-06-24 | 4.3 Medium |
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4. | ||||
CVE-2025-5900 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-24 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-30945 | 1 Taskbuilder | 1 Taskbuilder | 2025-06-24 | 5.3 Medium |
Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. |