Total
6629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39412 | 1 Averta | 1 Master Slider | 2025-05-27 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8. | |||||
| CVE-2021-41803 | 1 Hashicorp | 1 Consul | 2025-05-27 | N/A | 7.1 HIGH |
| HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2." | |||||
| CVE-2024-13703 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2025-05-26 | N/A | 4.3 MEDIUM |
| The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. | |||||
| CVE-2025-2104 | 1 Pagelayer | 1 Pagelayer | 2025-05-26 | N/A | 4.3 MEDIUM |
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site. | |||||
| CVE-2024-13358 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | N/A | 4.3 MEDIUM |
| The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | |||||
| CVE-2025-1780 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | N/A | 4.3 MEDIUM |
| The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | |||||
| CVE-2024-50500 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2. | |||||
| CVE-2025-24607 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-05-23 | N/A | 5.8 MEDIUM |
| Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71. | |||||
| CVE-2025-22289 | 1 Eniture | 1 Ltl Freight Quotes | 2025-05-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8. | |||||
| CVE-2025-47942 | 2025-05-23 | N/A | 5.3 MEDIUM | ||
| The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. | |||||
| CVE-2025-48271 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1. | |||||
| CVE-2025-47619 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4. | |||||
| CVE-2025-47690 | 2025-05-23 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | |||||
| CVE-2025-48275 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3. | |||||
| CVE-2025-46488 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2. | |||||
| CVE-2025-39536 | 2025-05-23 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6. | |||||
| CVE-2025-47529 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. | |||||
| CVE-2025-47688 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-05-23 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1. | |||||
| CVE-2025-47612 | 1 Flowdee | 1 Clickwhale | 2025-05-23 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6. | |||||
| CVE-2019-6538 | 1 Medtronic | 40 Amplia Crt-d, Amplia Crt-d Firmware, Carelink 2090 and 37 more | 2025-05-22 | 3.3 LOW | 9.3 CRITICAL |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | |||||