Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56513 | 1 Karmada-io | 1 Karmada | 2025-07-13 | N/A |
| Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters. Since Karmada v1.12.0, command `karmadactl register` restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada. As a workaround, one may restrict the access permissions of pull mode member clusters to control plane resources according to Karmada Component Permissions Docs. | ||||
| CVE-2025-39542 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0. | ||||
| CVE-2025-32648 | 2 Projectopia, Wordpress | 2 Projectopia, Wordpress | 2025-07-13 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16. | ||||
| CVE-2025-22736 | 2 Wordpress, Wpexperts | 2 Wordpress, User Management | 2025-07-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.This issue affects User Management: from n/a through 1.2. | ||||
| CVE-2025-26512 | 1 Netapp | 1 Snapcenter | 2025-07-13 | 9.9 Critical |
| SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | ||||
| CVE-2025-43001 | 1 Sap | 1 Sapcar | 2025-07-13 | 6.9 Medium |
| SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system. | ||||
| CVE-2024-56280 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation.This issue affects WPGuppy: from n/a through 1.1.0. | ||||
| CVE-2024-56205 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation.This issue affects AI Magic: from n/a through 1.0.4. | ||||
| CVE-2024-32555 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6. | ||||
| CVE-2024-51800 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1. | ||||
| CVE-2025-31420 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2. | ||||
| CVE-2025-31524 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in NotFound WP User Profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through 2.6.2. | ||||
| CVE-2024-56043 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2024-54383 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Pdf Vouchers | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | ||||
| CVE-2024-54365 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0. | ||||
| CVE-2024-56000 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.This issue affects K Elements: from n/a before 5.4.0. | ||||
| CVE-2024-56071 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through 2.0. | ||||
| CVE-2025-23528 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation.This issue affects DD Roles: from n/a through 4.1. | ||||
| CVE-2024-54293 | 2 Ce21, Wordpress | 2 Ce21-suite, Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0. | ||||
| CVE-2024-56040 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation.This issue affects VibeBP: from n/a through 1.9.9.4.1. | ||||