Total
5353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47612 | 1 Flowdee | 1 Clickwhale | 2025-05-23 | 5.4 Medium |
| Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6. | ||||
| CVE-2019-6538 | 1 Medtronic | 40 Amplia Crt-d, Amplia Crt-d Firmware, Carelink 2090 and 37 more | 2025-05-22 | 9.3 Critical |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | ||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-32220 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 6.5 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-2987 | 1 Ldap Wp Login \/ Active Directory Integration Project | 1 Ldap Wp Login \/ Active Directory Integration | 2025-05-22 | 7.5 High |
| The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication | ||||
| CVE-2023-6840 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 6.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. | ||||
| CVE-2023-5612 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | ||||
| CVE-2023-5061 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | ||||
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects | ||||
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.5 Low |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | ||||
| CVE-2023-2233 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. | ||||
| CVE-2024-6328 | 1 Inspireui | 1 Mstore Api | 2025-05-21 | 9.8 Critical |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled. | ||||
| CVE-2025-48268 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through 1.2.6. | ||||
| CVE-2025-48260 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3. | ||||
| CVE-2025-48247 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15. | ||||
| CVE-2025-48246 | 2025-05-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1. | ||||
| CVE-2025-48282 | 2025-05-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0. | ||||
| CVE-2025-22287 | 2025-05-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | ||||
| CVE-2025-39353 | 2025-05-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | ||||