Total
5353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48444 | 1 Quick Node Block Project | 1 Quick Node Block | 2025-06-20 | 5.3 Medium |
| Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0. | ||||
| CVE-2025-6105 | 1 Jflyfox | 1 Jfinal Cms | 2025-06-20 | 4.3 Medium |
| A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49874 | 1 Tychesoftwares | 1 Arconix Faq | 2025-06-20 | 4.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Arconix FAQ allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix FAQ: from n/a through 1.9.6. | ||||
| CVE-2025-49872 | 2025-06-20 | 5.3 Medium | ||
| Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2. | ||||
| CVE-2025-49864 | 2025-06-20 | 5.3 Medium | ||
| Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21. | ||||
| CVE-2023-42358 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-06-18 | 7.5 High |
| An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | ||||
| CVE-2025-23999 | 2025-06-18 | 4.3 Medium | ||
| Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13. | ||||
| CVE-2025-49857 | 2025-06-18 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2. | ||||
| CVE-2024-1047 | 1 Themeisle | 1 Orbit Fox | 2025-06-17 | 5.3 Medium |
| The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | ||||
| CVE-2023-22836 | 1 Guardiansoft | 1 Guardian | 2025-06-17 | 3.5 Low |
| In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants. | ||||
| CVE-2023-23896 | 1 Mythemeshop | 1 Url Shortener | 2025-06-17 | 5.4 Medium |
| Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop.This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17. | ||||
| CVE-2022-41790 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2025-06-17 | 4.3 Medium |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | ||||
| CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2025-06-17 | 6.3 Medium |
| Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | ||||
| CVE-2022-38141 | 1 Zorem | 1 Sales Report Email For Woocommerce | 2025-06-17 | 4.3 Medium |
| Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | ||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2025-06-17 | 6.6 Medium |
| A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | ||||
| CVE-2023-6751 | 1 Hostinger | 1 Hostinger | 2025-06-17 | 7.3 High |
| The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode. | ||||
| CVE-2023-6496 | 1 Freeamigos | 1 Manage Notification E-mails | 2025-06-17 | 5.3 Medium |
| The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings. | ||||
| CVE-2023-48247 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 5.3 Medium |
| The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | ||||
| CVE-2023-48245 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 6.5 Medium |
| The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | ||||
| CVE-2023-32295 | 1 Easyappointments | 1 Easy\!appointments | 2025-06-17 | 6.3 Medium |
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | ||||