Total: 5353 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-3895 | 1 Androidbubbles | 1 Wp Datepicker | 2025-02-27 | 8.8 High |
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1. | ||||
CVE-2023-27462 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 3.1 Low |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. | ||||
CVE-2023-1296 | 1 Hashicorp | 1 Nomad | 2025-02-27 | 2.7 Low |
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. | ||||
CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2025-02-27 | 7.4 High |
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | ||||
CVE-2023-27309 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 5 Medium |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. | ||||
CVE-2025-22280 | | | 2025-02-27 | 7.6 High |
Missing Authorization vulnerability in revmakx DefendWP Firewall allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DefendWP Firewall: from n/a through 1.1.0. | ||||
CVE-2024-12201 | 1 Hashthemes | 1 Hash Form | 2025-02-27 | 4.3 Medium |
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles. | ||||
CVE-2023-41875 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2025-02-27 | 5.3 Medium |
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.2.6. | ||||
CVE-2023-37967 | 1 Designinvento | 1 Directorypress | 2025-02-27 | 6.5 Medium |
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2. | ||||
CVE-2023-5454 | 1 Templately | 1 Templately | 2025-02-26 | 7.5 High |
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | ||||
CVE-2023-21021 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-255537598 | ||||
CVE-2023-21005 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193946 | ||||
CVE-2023-21004 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193664 | ||||
CVE-2023-21003 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193711 | ||||
CVE-2023-21001 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237672190 | ||||
CVE-2024-32824 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-26 | 5.4 Medium |
Missing Authorization vulnerability in Evergreen Content Poster. This issue affects Evergreen Content Poster: from n/a through 1.4.2. | ||||
CVE-2024-32818 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-26 | 4.3 Medium |
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | ||||
CVE-2023-21002 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193935 | ||||
CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2025-02-26 | 4.3 Medium |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client. | ||||
CVE-2022-45636 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | 8.1 High |
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to unlock model(s) without authorization via arbitrary API requests. |