Total
7650 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.3 Medium |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | ||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 6.5 Medium |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-0911 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-25 | 6.5 Medium |
| The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default. | ||||
| CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 4.3 Medium |
| A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | ||||
| CVE-2025-26948 | 2025-02-25 | 4.3 Medium | ||
| Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||
| CVE-2023-20955 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | ||||
| CVE-2023-21029 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898 | ||||
| CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2025-02-25 | 8.6 High |
| metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-1643 | 2025-02-25 | 4.3 Medium | ||
| A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-1644 | 2025-02-25 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 1.2.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2022-48350 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 7.5 High |
| The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2024-33558 | 1 8theme | 1 Xstore Core | 2025-02-21 | 6.5 Medium |
| Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | ||||
| CVE-2024-45461 | 1 Apache | 1 Cloudstack | 2025-02-21 | 5.7 Medium |
| The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false". | ||||
| CVE-2023-20959 | 1 Google | 1 Android | 2025-02-21 | 7.8 High |
| In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | ||||
| CVE-2022-36340 | 1 Mailoptin | 1 Mailoptin | 2025-02-20 | 6.5 Medium |
| Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. | ||||
| CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2025-02-20 | 5.4 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | ||||
| CVE-2022-40223 | 1 Searchwp | 1 Searchwp | 2025-02-20 | 5.4 Medium |
| Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | ||||
| CVE-2022-41692 | 1 Dwbooster | 1 Appointment Hour Booking | 2025-02-20 | 4.3 Medium |
| Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. | ||||
| CVE-2022-43482 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-02-20 | 4.3 Medium |
| Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | ||||
| CVE-2024-37363 | 2025-02-20 | 6.5 Medium | ||
| The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service. | ||||