Total
5234 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3624 | 1 Hitachi | 1 Ops Center Analyzer | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | ||||
| CVE-2025-47563 | 1 Villatheme | 1 Curcy | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7. | ||||
| CVE-2025-47942 | 1 Openedx | 1 Edx-platform | 2025-06-24 | 5.3 Medium |
| The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. | ||||
| CVE-2025-48079 | 1 Metagauss | 1 Profilegrid | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1. | ||||
| CVE-2025-48242 | 1 Wpwax | 1 Legal Pages | 2025-06-24 | 6.5 Medium |
| Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5. | ||||
| CVE-2025-4047 | 1 Wpmudev | 1 Broken Link Checker | 2025-06-24 | 4.3 Medium |
| The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | ||||
| CVE-2025-4477 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2025-06-24 | 7.2 High |
| The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. | ||||
| CVE-2025-30624 | 1 Wordlift | 1 Wordlift | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4. | ||||
| CVE-2025-27505 | 1 Geoserver | 1 Geoserver | 2025-06-24 | 5.3 Medium |
| GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer. | ||||
| CVE-2025-5900 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-24 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30945 | 1 Taskbuilder | 1 Taskbuilder | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. | ||||
| CVE-2025-1233 | 1 Althemist | 1 Lafka Plugin | 2025-06-24 | 4.3 Medium |
| The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | ||||
| CVE-2025-49969 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2. | ||||
| CVE-2025-49970 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6. | ||||
| CVE-2025-49971 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2. | ||||
| CVE-2025-49973 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9. | ||||
| CVE-2025-49974 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0. | ||||
| CVE-2025-49976 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7. | ||||
| CVE-2025-49979 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1. | ||||
| CVE-2025-49980 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6. | ||||