Export limit exceeded: 346703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7741 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1299 | 1 Gitlab | 1 Gitlab | 2025-07-28 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request. | ||||
| CVE-2025-6813 | 2025-07-22 | 8.8 High | ||
| The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges. | ||||
| CVE-2024-43154 | 2 Bracketspace, Wordpress | 2 Advanced Cron Manager, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. | ||||
| CVE-2024-43260 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4. | ||||
| CVE-2024-34758 | 2 Wordpress, Wpmet | 2 Wordpress, Wp Fundraising Donation And Crowdfunding Platform | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | ||||
| CVE-2025-3871 | 2025-07-18 | 5.3 Medium | ||
| Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP. | ||||
| CVE-2025-3557 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2876 | 2 Melapress, Wordpress | 2 Melapress Login Security, Wordpress | 2025-07-17 | 5.3 Medium |
| The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user. | ||||
| CVE-2024-5820 | 1 Stitionai | 1 Devika | 2025-07-15 | 8.8 High |
| An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all communication between the user and the backend. This vulnerability can lead to unauthorized command execution and potential server-side request forgery. | ||||
| CVE-2024-24799 | 2 Woocommerce, Wordpress | 2 Woocommerce Box Office, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. | ||||
| CVE-2024-34804 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | ||||
| CVE-2024-25922 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | ||||
| CVE-2024-32804 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46. | ||||
| CVE-2024-4138 | 1 Sap | 1 S/4 Hana | 2025-07-13 | 4.3 Medium |
| Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | ||||
| CVE-2024-32432 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. | ||||
| CVE-2024-35663 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0. | ||||
| CVE-2024-37203 | 2 Laybuy, Wordpress | 2 Laybuy Payment Extension For Woocommerce, Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. | ||||
| CVE-2024-32518 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0. | ||||
| CVE-2024-33938 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0. | ||||
| CVE-2023-51526 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4. | ||||