Total
5234 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23766 | 2 Ashamil, Wordpress | 2 Opsi Israel Domestic Shipments, Wordpress | 2025-06-27 | 6.5 Medium |
| Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6. | ||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-49880 | 2025-06-26 | 4.3 Medium | ||
| Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5. | ||||
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | 4.3 Medium |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | ||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2024-54252 | 2025-06-25 | 6.3 Medium | ||
| Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6. | ||||
| CVE-2025-32045 | 1 Moodle | 1 Moodle | 2025-06-24 | 5.3 Medium |
| A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | ||||
| CVE-2024-37903 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | 8.2 High |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue. | ||||
| CVE-2025-49265 | 1 Wpswings | 1 Membership For Woocommerce | 2025-06-24 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1. | ||||
| CVE-2025-30957 | 1 Buddydev | 1 Activity Plus Reloaded For Buddypress | 2025-06-24 | 5.4 Medium |
| Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. | ||||
| CVE-2025-49241 | 1 Bobbingwide | 1 Oik | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. | ||||
| CVE-2025-39447 | 1 Crocoblock | 1 Jetelements For Elementor | 2025-06-24 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | ||||
| CVE-2025-39460 | 1 Thimpress | 1 Eduma | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4. | ||||
| CVE-2025-39511 | 1 Valvepress | 1 Pinterest Automatic Pin | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2. | ||||
| CVE-2025-39545 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2025-06-24 | 5.4 Medium |
| Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3. | ||||
| CVE-2025-39571 | 1 Wpxpo | 1 Wowstore | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4. | ||||
| CVE-2025-3037 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-06-24 | 4.3 Medium |
| A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-3124 | 1 Github | 1 Enterprise Server | 2025-06-24 | N/A |
| A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2. | ||||
| CVE-2025-3257 | 1 Xujiangfei | 1 Admintwo | 2025-06-24 | 4.3 Medium |
| A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||