Search Results (6998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21002 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193935 | ||||
| CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2025-02-26 | 4.3 Medium |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client. | ||||
| CVE-2022-45636 | 1 Megafeis | 1 Bofei Dbd+ | 2025-02-26 | 8.1 High |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | ||||
| CVE-2024-1904 | 1 Stylemixthemes | 1 Masterstudy Lms | 2025-02-26 | 4.3 Medium |
| The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. | ||||
| CVE-2023-1261 | 1 Silabs | 1 Wi-sun Software Development Kit | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2023-1262 | 1 Silabs | 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2025-1091 | | | 2025-02-26 | 4.3 Medium |
| A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known. | ||||
| CVE-2023-0890 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-26 | 6.5 Medium |
| The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated user, such as a subscriber, to view draft, private or even password-protected posts. It is also possible to leak the password of protected posts. | ||||
| CVE-2024-9628 | 1 10web | 1 Wps Telegram Chat | 2025-02-26 | 6.3 Medium |
| The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. | ||||
| CVE-2024-9697 | 1 Wpsocialrocket | 1 Social Rocket | 2025-02-25 | 5.3 Medium |
| The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | ||||
| CVE-2024-56273 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-25 | 4.3 Medium |
| Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | ||||
| CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.4 Medium |
| Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1. | ||||
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.3 Medium |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through 2.33.1. | ||||
| CVE-2024-12071 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-25 | 5.3 Medium |
| The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | ||||
| CVE-2024-13364 | 1 Raptive | 1 Raptive Ads | 2025-02-25 | 5.3 Medium |
| The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files. | ||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 6.5 Medium |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-0911 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-25 | 6.5 Medium |
| The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated user, such as a subscriber, to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default. | ||||
| CVE-2024-13520 | 1 Codemenschen | 1 Gift Vouchers | 2025-02-25 | 5.3 Medium |
| The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data\|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | ||||
| CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2025-02-25 | 5.3 Medium |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items. | ||||
| CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 4.3 Medium |
| A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | ||||